ID

VAR-201906-0709


CVE

CVE-2017-10721


TITLE

Shekar Endoscope access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014515

DESCRIPTION

Research on IoT devices recently found that the most recent firmware for the Shekar Endoscope has Telnet functionality enabled by default. The device is an endoscope camera used in various industrial systems and settings, in car garages, and in some cases in medical clinics, to reach areas that are difficult for a person to access. Any breach of this system can allow an attacker to access the video feed and pictures viewed by the user, and might give them a foothold in air-gapped networks, especially in nationally critical infrastructure and industries. Shekar Endoscope contains an access control vulnerability. Information may be tampered with. SHEKAR Technology Endoscope is a portable endoscope device from SHEKAR Technology, a company in China. There is a security vulnerability in SHEKAR Technology Endoscope. Attackers can exploit this vulnerability to obtain video content and images or cause other harm.

Trust: 1.8

sources: NVD: CVE-2017-10721 // JVNDB: JVNDB-2017-014515 // VULHUB: VHN-101072 // VULMON: CVE-2017-10721

IOT TAXONOMY

category: ['camera device'], sub_category: camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: ishekar, model: endoscope camera, scope: eq, version: *

Trust: 1.0

vendor: shekar, model: endoscope, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-014515 // NVD: CVE-2017-10721

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10721
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-10721
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-670
value: MEDIUM

Trust: 0.6

VULHUB: VHN-101072
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-10721
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10721
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-101072
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10721
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-101072 // VULMON: CVE-2017-10721 // JVNDB: JVNDB-2017-014515 // CNNVD: CNNVD-201906-670 // NVD: CVE-2017-10721

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

sources: VULHUB: VHN-101072 // JVNDB: JVNDB-2017-014515 // NVD: CVE-2017-10721

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-670

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201906-670

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014515

PATCH

title: endoscope, url: http://ishekar.com/en/Products/endoscope/

Trust: 0.8

title: IoT_vulnerabilities, url: https://github.com/ethanhunnt/IoT_vulnerabilities

Trust: 0.1

sources: VULMON: CVE-2017-10721 // JVNDB: JVNDB-2017-014515

EXTERNAL IDS

db: NVD, id: CVE-2017-10721

Trust: 2.8

db: PACKETSTORM, id: 153241

Trust: 1.9

db: JVNDB, id: JVNDB-2017-014515

Trust: 0.8

db: CNNVD, id: CNNVD-201906-670

Trust: 0.7

db: OTHER, id: NONE

Trust: 0.1

db: VULHUB, id: VHN-101072

Trust: 0.1

db: VULMON, id: CVE-2017-10721

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-101072 // VULMON: CVE-2017-10721 // JVNDB: JVNDB-2017-014515 // PACKETSTORM: 153241 // CNNVD: CNNVD-201906-670 // NVD: CVE-2017-10721

REFERENCES

url:https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/shekar_boriscope_sec_issues.pdf

Trust: 2.6

url:https://seclists.org/bugtraq/2019/jun/8

Trust: 1.8

url:http://packetstormsecurity.com/files/153241/shekar-endoscope-weak-default-settings-memory-corruption.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-10721

Trust: 1.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10721

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/284.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/ethanhunnt/iot_vulnerabilities

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10722

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10723

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10724

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-101072 // VULMON: CVE-2017-10721 // JVNDB: JVNDB-2017-014515 // PACKETSTORM: 153241 // CNNVD: CNNVD-201906-670 // NVD: CVE-2017-10721

CREDITS

Mandar Satam

Trust: 0.1

sources: PACKETSTORM: 153241

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-101072
db: VULMON, id: CVE-2017-10721
db: JVNDB, id: JVNDB-2017-014515
db: PACKETSTORM, id: 153241
db: CNNVD, id: CNNVD-201906-670
db: NVD, id: CVE-2017-10721

LAST UPDATE DATE

2025-01-30T20:04:57.013000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-101072, date: 2019-06-20T00:00:00
db: VULMON, id: CVE-2017-10721, date: 2019-06-20T00:00:00
db: JVNDB, id: JVNDB-2017-014515, date: 2019-06-24T00:00:00
db: CNNVD, id: CNNVD-201906-670, date: 2019-06-21T00:00:00
db: NVD, id: CVE-2017-10721, date: 2024-11-21T03:06:20.260

SOURCES RELEASE DATE

db: VULHUB, id: VHN-101072, date: 2019-06-17T00:00:00
db: VULMON, id: CVE-2017-10721, date: 2019-06-17T00:00:00
db: JVNDB, id: JVNDB-2017-014515, date: 2019-06-24T00:00:00
db: PACKETSTORM, id: 153241, date: 2019-06-09T09:32:22
db: CNNVD, id: CNNVD-201906-670, date: 2019-06-17T00:00:00
db: NVD, id: CVE-2017-10721, date: 2019-06-17T22:15:10.090