Sign-up

ID

VAR-202005-1062


TITLE

Apparent video surveillance system has arbitrary file reading vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-24767

DESCRIPTION

Apstar focuses on ultra-high-definition, ultra-telephoto, multi-spectral, thermal imaging product technical services and overall customized solutions. The Apex video surveillance system has an arbitrary file reading vulnerability. The vulnerability is due to the fact that its video surveillance background does not perform any filtering and verification of resource requests, resulting in direct reading of system files across directories. Attackers can use this vulnerability to perform arbitrary Reading of files.

Trust: 0.6

sources: CNVD: CNVD-2020-24767

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-24767

AFFECTED PRODUCTS

vendor:apstar digitalmodel:video monitoringscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-24767

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-24767
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2020-24767
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2020-24767

PATCH

title:Apparent video surveillance system has arbitrary file reading vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/211081

Trust: 0.6

sources: CNVD: CNVD-2020-24767

EXTERNAL IDS

db:CNVDid:CNVD-2020-24767

Trust: 0.6

sources: CNVD: CNVD-2020-24767

SOURCES

db:CNVDid:CNVD-2020-24767

LAST UPDATE DATE

2022-05-04T09:32:52.632000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-24767date:2020-04-26T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-24767date:2020-05-09T00:00:00