Sign-up

ID

VAR-201908-1727


CVE

CVE-2018-20955


TITLE

Infinova Swann SWWHD-INTCAM-HD Trust Management Issue Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-26779 // CNNVD: CNNVD-201908-601

DESCRIPTION

Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31. Swann SWWHD-INTCAM-HD The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Infinova Swann SWWHD-INTCAM-HD is a webcam from Infinova. A vulnerability management issue vulnerability exists in the Infinova Swann SWWHD-INTCAM-HD device. The vulnerability stems from the lack of an effective trust management mechanism in network systems or products. An attacker can attack an affected component with a default password or hard-coded password, hard-coded certificate, and so on. Infinova Swann SWWHD-INTCAM-HD is a network camera produced by Infinova. to attack affected components

Trust: 2.34

sources: NVD: CVE-2018-20955 // JVNDB: JVNDB-2018-016007 // CNVD: CNVD-2019-26779 // VULHUB: VHN-131813 // VULMON: CVE-2018-20955

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-26779

AFFECTED PRODUCTS

vendor:swannmodel:swwhd-intcam-hdscope:eqversion: -

Trust: 1.0

vendor:swannmodel:swwhd-intcam-hdscope: - version: -

Trust: 0.8

vendor:infinovamodel:swann swwhd-intcam-hdscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-26779 // JVNDB: JVNDB-2018-016007 // NVD: CVE-2018-20955

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20955
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-20955
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-26779
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-601
value: CRITICAL

Trust: 0.6

VULHUB: VHN-131813
value: HIGH

Trust: 0.1

VULMON: CVE-2018-20955
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-20955
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-26779
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-131813
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20955
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-26779 // VULHUB: VHN-131813 // VULMON: CVE-2018-20955 // JVNDB: JVNDB-2018-016007 // CNNVD: CNNVD-201908-601 // NVD: CVE-2018-20955

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-131813 // JVNDB: JVNDB-2018-016007 // NVD: CVE-2018-20955

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-601

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-601

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016007

PATCH
title:Top Pageurl:https://www.swann.com/us/
Trust: 0.8
title:Infinova Swann SWWHD-INTCAM-HD Patch for Trust Management Issue Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/174501
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-26779 // 
            
            
            
            JVNDB: JVNDB-2018-016007

EXTERNAL IDS
db:NVDid:CVE-2018-20955
Trust: 3.2
db:JVNDBid:JVNDB-2018-016007
Trust: 0.8
db:CNNVDid:CNNVD-201908-601
Trust: 0.7
db:CNVDid:CNVD-2019-26779
Trust: 0.6
db:VULHUBid:VHN-131813
Trust: 0.1
db:VULMONid:CVE-2018-20955
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-26779 // 
            
            
            
            VULHUB: VHN-131813 // 
            
            
            
            VULMON: CVE-2018-20955 // 
            
            
            
            JVNDB: JVNDB-2018-016007 // 
            
            
            
            CNNVD: CNNVD-201908-601 // 
            
            
            
            NVD: CVE-2018-20955

REFERENCES
url:https://www.pentestpartners.com/security-blog/hacking-swann-home-security-camera-video/
Trust: 2.6
url:https://www.swann.com/au/safe-by-swann-upgrade
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-20955
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20955
Trust: 0.8
url:https://www.necplatforms.co.jp/product/enkaku/info180702.html
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-26779 // 
            
            
            
            VULHUB: VHN-131813 // 
            
            
            
            VULMON: CVE-2018-20955 // 
            
            
            
            JVNDB: JVNDB-2018-016007 // 
            
            
            
            CNNVD: CNNVD-201908-601 // 
            
            
            
            NVD: CVE-2018-20955

SOURCES
db:CNVDid:CNVD-2019-26779
db:VULHUBid:VHN-131813
db:VULMONid:CVE-2018-20955
db:JVNDBid:JVNDB-2018-016007
db:CNNVDid:CNNVD-201908-601
db:NVDid:CVE-2018-20955

LAST UPDATE DATE
2024-11-23T21:59:42.824000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-26779date:2019-08-12T00:00:00
db:VULHUBid:VHN-131813date:2019-08-16T00:00:00
db:VULMONid:CVE-2018-20955date:2019-08-16T00:00:00
db:JVNDBid:JVNDB-2018-016007date:2019-08-20T00:00:00
db:CNNVDid:CNNVD-201908-601date:2021-08-25T00:00:00
db:NVDid:CVE-2018-20955date:2024-11-21T04:02:33.403

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-26779date:2019-08-12T00:00:00
db:VULHUBid:VHN-131813date:2019-08-08T00:00:00
db:VULMONid:CVE-2018-20955date:2019-08-08T00:00:00
db:JVNDBid:JVNDB-2018-016007date:2019-08-20T00:00:00
db:CNNVDid:CNNVD-201908-601date:2019-08-08T00:00:00
db:NVDid:CVE-2018-20955date:2019-08-08T21:15:11.567