Details of VAR-201908-1728

ID

VAR-201908-1728

CVE

CVE-2018-20956

TITLE

Swann SWWHD-INTCAM-HD Vulnerability related to information disclosure from log files on devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016008

DESCRIPTION

Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected customers were migrated by 2020-08-31. Swann SWWHD-INTCAM-HD The device contains a vulnerability related to information disclosure from log files.Information may be obtained. Infinova Swann SWWHD-INTCAM-HD is a webcam from Infinova. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component. Infinova Swann SWWHD-INTCAM-HD is a network camera produced by Infinova

Trust: 2.25

sources: NVD: CVE-2018-20956 // JVNDB: JVNDB-2018-016008 // CNVD: CNVD-2019-26774 // VULHUB: VHN-131814

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-26774

AFFECTED PRODUCTS

vendor:	swann	model:	swwhd-intcam-hd	scope:	eq	version:	-	Trust: 1.0
vendor:	swann	model:	swwhd-intcam-hd	scope:	-	version:	-	Trust: 0.8
vendor:	infinova	model:	swann swwhd-intcam-hd	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-26774 // JVNDB: JVNDB-2018-016008 // NVD: CVE-2018-20956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20956
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-20956
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-26774
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201908-604
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-131814
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-20956
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-26774
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-131814
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-20956
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-26774 // VULHUB: VHN-131814 // JVNDB: JVNDB-2018-016008 // CNNVD: CNNVD-201908-604 // NVD: CVE-2018-20956

PROBLEMTYPE DATA

problemtype:

CWE-532

Trust: 1.9

sources: VULHUB: VHN-131814 // JVNDB: JVNDB-2018-016008 // NVD: CVE-2018-20956

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-604

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-201908-604

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016008

PATCH

title:	Top Page	url:	https://www.swann.com/us/	Trust: 0.8
title:	Infinova Swann SWWHD-INTCAM-HD Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96287	Trust: 0.6

sources: JVNDB: JVNDB-2018-016008 // CNNVD: CNNVD-201908-604

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20956	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-016008	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-604	Trust: 0.7
db:	CNVD	id:	CNVD-2019-26774	Trust: 0.6
db:	VULHUB	id:	VHN-131814	Trust: 0.1

sources: CNVD: CNVD-2019-26774 // VULHUB: VHN-131814 // JVNDB: JVNDB-2018-016008 // CNNVD: CNNVD-201908-604 // NVD: CVE-2018-20956

REFERENCES

url:	https://www.pentestpartners.com/security-blog/hacking-swann-home-security-camera-video/	Trust: 2.5
url:	https://www.swann.com/au/safe-by-swann-upgrade	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20956	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20956	Trust: 0.8
url:	https://gist.github.com/lz1y/e82eb9cc776e629b9d1874dc689421eb	Trust: 0.6

sources: CNVD: CNVD-2019-26774 // VULHUB: VHN-131814 // JVNDB: JVNDB-2018-016008 // CNNVD: CNNVD-201908-604 // NVD: CVE-2018-20956

SOURCES

db:	CNVD	id:	CNVD-2019-26774
db:	VULHUB	id:	VHN-131814
db:	JVNDB	id:	JVNDB-2018-016008
db:	CNNVD	id:	CNNVD-201908-604
db:	NVD	id:	CVE-2018-20956

LAST UPDATE DATE

2024-11-23T22:33:47.005000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-26774	date:	2019-08-12T00:00:00
db:	VULHUB	id:	VHN-131814	date:	2019-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-016008	date:	2019-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201908-604	date:	2021-08-25T00:00:00
db:	NVD	id:	CVE-2018-20956	date:	2024-11-21T04:02:33.540

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-26774	date:	2019-08-12T00:00:00
db:	VULHUB	id:	VHN-131814	date:	2019-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-016008	date:	2019-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201908-604	date:	2019-08-08T00:00:00
db:	NVD	id:	CVE-2018-20956	date:	2019-08-08T21:15:11.630