ID

VAR-201906-0706


CVE

CVE-2017-10718


TITLE

Shekar Endoscope Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2017-014519

DESCRIPTION

As part of research on IoT devices, it was recently discovered that, in the most recent firmware for Shekar Endoscope, any malicious user connecting to the device can change the default SSID and password, thereby denying the owner access to his/her own device. This device acts as an endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also, in some cases, in medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks, especially in the case of nation-critical infrastructure/industries. Shekar Endoscope contains vulnerabilities related to certificate and password management. Information may be tampered with. SHEKAR Technology Endoscope is a portable endoscope device from SHEKAR Technology, China. There is a security hole in SHEKAR Technology Endoscope. An attacker could use this vulnerability to modify the default SSID and password, preventing users from accessing the device or causing other hazards. There is a security vulnerability in SHEKAR Technology Endoscope.

Trust: 2.34

sources: NVD: CVE-2017-10718 // JVNDB: JVNDB-2017-014519 // CNVD: CNVD-2019-18874 // VULHUB: VHN-101068 // VULMON: CVE-2017-10718

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-18874

AFFECTED PRODUCTS

vendor: ishekar, model: endoscope camera, scope: eq, version: *

Trust: 1.0

vendor: shekar, model: endoscope, scope: -, version: -

Trust: 0.8

vendor: shekar, model: technology endoscope, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-18874 // JVNDB: JVNDB-2017-014519 // NVD: CVE-2017-10718

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10718
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-10718
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-18874
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-667
value: MEDIUM

Trust: 0.6

VULHUB: VHN-101068
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-10718
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10718
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-18874
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-101068
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10718
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-18874 // VULHUB: VHN-101068 // VULMON: CVE-2017-10718 // JVNDB: JVNDB-2017-014519 // CNNVD: CNNVD-201906-667 // NVD: CVE-2017-10718

PROBLEMTYPE DATA

problemtype: CWE-255

Trust: 1.9

sources: VULHUB: VHN-101068 // JVNDB: JVNDB-2017-014519 // NVD: CVE-2017-10718

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-667

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-667

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014519

PATCH

title: endoscope, url: http://ishekar.com/en/Products/endoscope/

Trust: 0.8

title: IoT_vulnerabilities, url: https://github.com/ethanhunnt/IoT_vulnerabilities

Trust: 0.1

sources: VULMON: CVE-2017-10718 // JVNDB: JVNDB-2017-014519

EXTERNAL IDS

db: NVD, id: CVE-2017-10718

Trust: 3.3

db: PACKETSTORM, id: 153241

Trust: 1.9

db: JVNDB, id: JVNDB-2017-014519

Trust: 0.8

db: CNNVD, id: CNNVD-201906-667

Trust: 0.7

db: CNVD, id: CNVD-2019-18874

Trust: 0.6

db: VULHUB, id: VHN-101068

Trust: 0.1

db: VULMON, id: CVE-2017-10718

Trust: 0.1

sources: CNVD: CNVD-2019-18874 // VULHUB: VHN-101068 // VULMON: CVE-2017-10718 // JVNDB: JVNDB-2017-014519 // PACKETSTORM: 153241 // CNNVD: CNNVD-201906-667 // NVD: CVE-2017-10718

REFERENCES

url: https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/shekar_boriscope_sec_issues.pdf

Trust: 2.6

url: https://nvd.nist.gov/vuln/detail/cve-2017-10718

Trust: 2.1

url: https://seclists.org/bugtraq/2019/jun/8

Trust: 1.8

url: http://packetstormsecurity.com/files/153241/shekar-endoscope-weak-default-settings-memory-corruption.html

Trust: 1.8

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10718

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/255.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/ethanhunnt/iot_vulnerabilities

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2017-10722

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2017-10721

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2017-10720

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2017-10719

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2017-10723

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2017-10724

Trust: 0.1

sources: CNVD: CNVD-2019-18874 // VULHUB: VHN-101068 // VULMON: CVE-2017-10718 // JVNDB: JVNDB-2017-014519 // PACKETSTORM: 153241 // CNNVD: CNNVD-201906-667 // NVD: CVE-2017-10718

CREDITS

Mandar Satam

Trust: 0.1

sources: PACKETSTORM: 153241

SOURCES

db: CNVD, id: CNVD-2019-18874
db: VULHUB, id: VHN-101068
db: VULMON, id: CVE-2017-10718
db: JVNDB, id: JVNDB-2017-014519
db: PACKETSTORM, id: 153241
db: CNNVD, id: CNNVD-201906-667
db: NVD, id: CVE-2017-10718

LAST UPDATE DATE

2024-11-23T21:59:51.507000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-18874, date: 2019-06-23T00:00:00
db: VULHUB, id: VHN-101068, date: 2019-06-20T00:00:00
db: VULMON, id: CVE-2017-10718, date: 2019-06-20T00:00:00
db: JVNDB, id: JVNDB-2017-014519, date: 2019-06-24T00:00:00
db: CNNVD, id: CNNVD-201906-667, date: 2019-06-21T00:00:00
db: NVD, id: CVE-2017-10718, date: 2024-11-21T03:06:19.760

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-18874, date: 2019-06-20T00:00:00
db: VULHUB, id: VHN-101068, date: 2019-06-17T00:00:00
db: VULMON, id: CVE-2017-10718, date: 2019-06-17T00:00:00
db: JVNDB, id: JVNDB-2017-014519, date: 2019-06-24T00:00:00
db: PACKETSTORM, id: 153241, date: 2019-06-09T09:32:22
db: CNNVD, id: CNNVD-201906-667, date: 2019-06-17T00:00:00
db: NVD, id: CVE-2017-10718, date: 2019-06-17T22:15:09.903