Details of VAR-201906-0707

ID

VAR-201906-0707

CVE

CVE-2017-10719

TITLE

Shekar Endoscope Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-014520

DESCRIPTION

Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has default Wi-Fi credentials that are exactly the same for every device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries. Shekar Endoscope Contains an information disclosure vulnerability.Information may be obtained. SHEKARTechnologyEndoscope is a portable endoscope device from SHEKARTechnology, China. There is an authorization vulnerability in SHEKARTechnologyEndoscope. The vulnerability stems from a lack of authentication in the network system or product or insufficient strength of authentication. No detailed vulnerability details are currently available. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components

Trust: 2.34

sources: NVD: CVE-2017-10719 // JVNDB: JVNDB-2017-014520 // CNVD: CNVD-2019-18875 // VULHUB: VHN-101069 // VULMON: CVE-2017-10719

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['camera device']	sub_category:	camera	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-18875

AFFECTED PRODUCTS

vendor:	ishekar	model:	endoscope camera	scope:	eq	version:	*	Trust: 1.0
vendor:	shekar	model:	endoscope	scope:	-	version:	-	Trust: 0.8
vendor:	shekar	model:	technology endoscope	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-18875 // JVNDB: JVNDB-2017-014520 // NVD: CVE-2017-10719

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-10719
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-10719
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-18875
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201906-668
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-101069
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-10719
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-10719
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-18875
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-101069
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-10719
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-18875 // VULHUB: VHN-101069 // VULMON: CVE-2017-10719 // JVNDB: JVNDB-2017-014520 // CNNVD: CNNVD-201906-668 // NVD: CVE-2017-10719

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-101069 // JVNDB: JVNDB-2017-014520 // NVD: CVE-2017-10719

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-668

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201906-668

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014520

PATCH

title:	endoscope	url:	http://ishekar.com/en/Products/endoscope/	Trust: 0.8
title:	IoT_vulnerabilities	url:	https://github.com/ethanhunnt/IoT_vulnerabilities	Trust: 0.1

sources: VULMON: CVE-2017-10719 // JVNDB: JVNDB-2017-014520

EXTERNAL IDS

db:	NVD	id:	CVE-2017-10719	Trust: 3.4
db:	PACKETSTORM	id:	153241	Trust: 1.9
db:	JVNDB	id:	JVNDB-2017-014520	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-668	Trust: 0.7
db:	CNVD	id:	CNVD-2019-18875	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-101069	Trust: 0.1
db:	VULMON	id:	CVE-2017-10719	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-18875 // VULHUB: VHN-101069 // VULMON: CVE-2017-10719 // JVNDB: JVNDB-2017-014520 // PACKETSTORM: 153241 // CNNVD: CNNVD-201906-668 // NVD: CVE-2017-10719

REFERENCES

url:	https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/shekar_boriscope_sec_issues.pdf	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10719	Trust: 2.1
url:	https://seclists.org/bugtraq/2019/jun/8	Trust: 1.8
url:	http://packetstormsecurity.com/files/153241/shekar-endoscope-weak-default-settings-memory-corruption.html	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10719	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/ethanhunnt/iot_vulnerabilities	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10722	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10718	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10721	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10720	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10724	Trust: 0.1

CREDITS

Mandar Satam

Trust: 0.1

sources: PACKETSTORM: 153241

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2019-18875
db:	VULHUB	id:	VHN-101069
db:	VULMON	id:	CVE-2017-10719
db:	JVNDB	id:	JVNDB-2017-014520
db:	PACKETSTORM	id:	153241
db:	CNNVD	id:	CNNVD-201906-668
db:	NVD	id:	CVE-2017-10719

LAST UPDATE DATE

2025-01-30T21:24:00.941000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-18875	date:	2019-06-23T00:00:00
db:	VULHUB	id:	VHN-101069	date:	2019-06-20T00:00:00
db:	VULMON	id:	CVE-2017-10719	date:	2019-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-014520	date:	2019-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201906-668	date:	2019-07-05T00:00:00
db:	NVD	id:	CVE-2017-10719	date:	2024-11-21T03:06:19.933

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-18875	date:	2019-06-20T00:00:00
db:	VULHUB	id:	VHN-101069	date:	2019-06-17T00:00:00
db:	VULMON	id:	CVE-2017-10719	date:	2019-06-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-014520	date:	2019-06-24T00:00:00
db:	PACKETSTORM	id:	153241	date:	2019-06-09T09:32:22
db:	CNNVD	id:	CNNVD-201906-668	date:	2019-06-17T00:00:00
db:	NVD	id:	CVE-2017-10719	date:	2019-06-17T22:15:09.983