Details of VAR-201905-1434

ID

VAR-201905-1434

TITLE

Hikvision camera has weak password vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-10636

DESCRIPTION

Hikvision is a video-centric IoT solution provider, providing integrated security, smart business and big data services. Hikvision cameras in 2013 and earlier versions have weak password vulnerabilities. Attackers can use weak passwords to remotely connect and control the camera.

Trust: 0.6

sources: CNVD: CNVD-2019-10636

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-10636

AFFECTED PRODUCTS

vendor:

hikvision digital

model:

camera

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2019-10636

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-10636
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2019-10636
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2019-10636

PATCH

title:

Hikvision camera has weak password vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/157361

Trust: 0.6

sources: CNVD: CNVD-2019-10636

EXTERNAL IDS

db:

CNVD

id:

CNVD-2019-10636

Trust: 0.6

sources: CNVD: CNVD-2019-10636

SOURCES

db:

CNVD

id:

CNVD-2019-10636

LAST UPDATE DATE

2022-05-04T10:04:01.376000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-10636

date:

2019-06-19T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2019-10636

date:

2019-05-08T00:00:00