Details of VAR-202104-0042

ID

VAR-202104-0042

CVE

CVE-2019-20466

TITLE

Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 Vulnerability in using weak password hashes on devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-005175

DESCRIPTION

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device. ------------------------------------------ [Vulnerability Type] Insecure Permissions ------------------------------------------ [Vendor of Product] Sannce ------------------------------------------ [Affected Product Code Base] Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317 ------------------------------------------ [Affected Component] Root user through file /etc/passwd ------------------------------------------ [Attack Type] Local ------------------------------------------ [Impact Escalation of Privileges] true ------------------------------------------ [Attack Vectors] To exploit the vulnerability, someone must be able to get local presence on the device. e.g. through command injection or by using the telnet interface as a low-privileged user. ------------------------------------------ [Has vendor confirmed or acknowledged the vulnerability?] true ------------------------------------------ [Discoverer] Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation. ------------------------------------------ [Reference] https://www.sannce.com Use CVE-2019-20466

Trust: 1.8

sources: NVD: CVE-2019-20466 // JVNDB: JVNDB-2021-005175 // VULMON: CVE-2019-20466 // PACKETSTORM: 179815

AFFECTED PRODUCTS

vendor:	sannce	model:	smart hd wifi security camera ean 2 950004 595317	scope:	eq	version:	-	Trust: 1.8
vendor:	sannce	model:	smart hd wifi security camera ean 2 950004 595317	scope:	eq	version:	smart hd wifi security camera ean 2 950004 595317 firmware	Trust: 0.8

sources: JVNDB: JVNDB-2021-005175 // NVD: CVE-2019-20466

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-20466
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2019-20466
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-20466
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-099
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-20466
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-20466
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2019-20466
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2019-20466
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2019-20466 // JVNDB: JVNDB-2021-005175 // CNNVD: CNNVD-202104-099 // NVD: CVE-2019-20466 // NVD: CVE-2019-20466

PROBLEMTYPE DATA

problemtype:	CWE-916	Trust: 1.0
problemtype:	Using weak password hashes (CWE-916) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-005175 // NVD: CVE-2019-20466

THREAT TYPE

local

Trust: 0.7

sources: PACKETSTORM: 179815 // CNNVD: CNNVD-202104-099

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-099

PATCH

title:

Top Page

url:

https://www.sannce.com/

Trust: 0.8

sources: JVNDB: JVNDB-2021-005175

EXTERNAL IDS

db:	NVD	id:	CVE-2019-20466	Trust: 3.5
db:	JVNDB	id:	JVNDB-2021-005175	Trust: 0.8
db:	CNNVD	id:	CNNVD-202104-099	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2019-20466	Trust: 0.1
db:	PACKETSTORM	id:	179815	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2019-20466 // JVNDB: JVNDB-2021-005175 // PACKETSTORM: 179815 // CNNVD: CNNVD-202104-099 // NVD: CVE-2019-20466

REFERENCES

url:	https://www.eurofins-cybersecurity.com/news/connected-devices-baby-monitors-part-2/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20466	Trust: 1.5
url:	http://seclists.org/fulldisclosure/2024/jul/14	Trust: 1.0
url:	https://cwe.mitre.org/data/definitions/916.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.sannce.com	Trust: 0.1

sources: VULMON: CVE-2019-20466 // JVNDB: JVNDB-2021-005175 // PACKETSTORM: 179815 // CNNVD: CNNVD-202104-099 // NVD: CVE-2019-20466

CREDITS

Willem Westerhof | Secura

Trust: 0.1

sources: OTHER: None

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2019-20466
db:	JVNDB	id:	JVNDB-2021-005175
db:	PACKETSTORM	id:	179815
db:	CNNVD	id:	CNNVD-202104-099
db:	NVD	id:	CVE-2019-20466

LAST UPDATE DATE

2025-01-30T20:59:12.592000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-20466	date:	2021-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-005175	date:	2021-12-09T03:25:00
db:	CNNVD	id:	CNNVD-202104-099	date:	2021-04-09T00:00:00
db:	NVD	id:	CVE-2019-20466	date:	2024-11-21T04:38:32.987

SOURCES RELEASE DATE

db:	OTHER	id:	-	date:	2024-07-26T13:11:06
db:	VULMON	id:	CVE-2019-20466	date:	2021-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-005175	date:	2021-12-09T00:00:00
db:	PACKETSTORM	id:	179815	date:	2024-07-30T12:35:43
db:	CNNVD	id:	CNNVD-202104-099	date:	2021-04-02T00:00:00
db:	NVD	id:	CVE-2019-20466	date:	2021-04-02T16:15:13.193