Sign-up

ID

VAR-201911-0364


CVE

CVE-2019-3424


TITLE

C520V21 smart camera Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-012109

DESCRIPTION

authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations. ZTE C520V21 is an intelligent web camera of China ZTE Corporation

Trust: 2.16

sources: NVD: CVE-2019-3424 // JVNDB: JVNDB-2019-012109 // CNVD: CNVD-2019-42573

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-42573

AFFECTED PRODUCTS

vendor:ztehomemodel:c520v21scope:lteversion:2.1.14

Trust: 1.0

vendor:ztemodel:c520v21scope:lteversion:2.1.14

Trust: 0.8

vendor:ztemodel:c520v21scope:lteversion:<=2.1.14

Trust: 0.6

sources: CNVD: CNVD-2019-42573 // JVNDB: JVNDB-2019-012109 // NVD: CVE-2019-3424

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3424
value: HIGH

Trust: 1.0

NVD: CVE-2019-3424
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-42573
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-1117
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-3424
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-42573
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-3424
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-3424
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-42573 // JVNDB: JVNDB-2019-012109 // CNNVD: CNNVD-201911-1117 // NVD: CVE-2019-3424

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-287

Trust: 0.8

sources: JVNDB: JVNDB-2019-012109 // NVD: CVE-2019-3424

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1117

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201911-1117

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012109

PATCH
title:Statement of Vulnerabilities in ZTE C520V21 Producturl:http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842
Trust: 0.8
title:Patch for ZTE C520V21 Authentication Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/192205
Trust: 0.6
title:ZTE C520V21 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103417
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-42573 // 
            
            
            
            JVNDB: JVNDB-2019-012109 // 
            
            
            
            CNNVD: CNNVD-201911-1117

EXTERNAL IDS
db:NVDid:CVE-2019-3424
Trust: 3.0
db:ZTEid:1011842
Trust: 1.6
db:JVNDBid:JVNDB-2019-012109
Trust: 0.8
db:CNVDid:CNVD-2019-42573
Trust: 0.6
db:CNNVDid:CNNVD-201911-1117
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-42573 // 
            
            
            
            JVNDB: JVNDB-2019-012109 // 
            
            
            
            CNNVD: CNNVD-201911-1117 // 
            
            
            
            NVD: CVE-2019-3424

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-3424
Trust: 2.0
url:http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1011842
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3424
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-42573 // 
            
            
            
            JVNDB: JVNDB-2019-012109 // 
            
            
            
            CNNVD: CNNVD-201911-1117 // 
            
            
            
            NVD: CVE-2019-3424

SOURCES
db:CNVDid:CNVD-2019-42573
db:JVNDBid:JVNDB-2019-012109
db:CNNVDid:CNNVD-201911-1117
db:NVDid:CVE-2019-3424

LAST UPDATE DATE
2024-11-23T21:51:51.207000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-42573date:2019-11-28T00:00:00
db:JVNDBid:JVNDB-2019-012109date:2019-11-26T00:00:00
db:CNNVDid:CNNVD-201911-1117date:2020-08-25T00:00:00
db:NVDid:CVE-2019-3424date:2024-11-21T04:42:04.327

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-42573date:2019-11-28T00:00:00
db:JVNDBid:JVNDB-2019-012109date:2019-11-26T00:00:00
db:CNNVDid:CNNVD-201911-1117date:2019-11-18T00:00:00
db:NVDid:CVE-2019-3424date:2019-11-18T19:15:13.310