Sign-up

ID

VAR-202107-0029


CVE

CVE-2019-20467


TITLE

Sannce Smart HD Wifi Security Camera EAN 2 950004 595317  Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-010332

DESCRIPTION

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. The device by default has a TELNET interface available (which is not advertised or functionally used, but is nevertheless available). Two backdoor accounts (root and default) exist that can be used on this interface. The usernames and passwords of the backdoor accounts are the same on all devices. Attackers can use these backdoor accounts to obtain access and execute code as root within the device. (DoS) It may be in a state. ------------------------------------------ [Vulnerability Type] Incorrect Access Control ------------------------------------------ [Vendor of Product] Sannce ------------------------------------------ [Affected Product Code Base] Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317 ------------------------------------------ [Affected Component] Telnet daemon ------------------------------------------ [Attack Type] Local ------------------------------------------ [Impact Code execution] true ------------------------------------------ [Attack Vectors] Anyone with network access to the device can trigger this vulnerability. ------------------------------------------ [Has vendor confirmed or acknowledged the vulnerability?] true ------------------------------------------ [Discoverer] Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation. ------------------------------------------ [Reference] https://www.sannce.com Use CVE-2019-20467

Trust: 1.8

sources: NVD: CVE-2019-20467 // JVNDB: JVNDB-2021-010332 // VULMON: CVE-2019-20467 // PACKETSTORM: 179816

AFFECTED PRODUCTS

vendor:sanncemodel:smart hd wifi security camera ean 2 950004 595317scope:eqversion: -

Trust: 1.8

vendor:sanncemodel:smart hd wifi security camera ean 2 950004 595317scope:eqversion:smart hd wifi security camera ean 2 950004 595317 firmware

Trust: 0.8

vendor:sanncemodel:smart hd wifi security camera ean 2 950004 595317scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-010332 // NVD: CVE-2019-20467

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20467
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-20467
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202107-1748
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-20467
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-20467
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-20467
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-010332 // CNNVD: CNNVD-202107-1748 // NVD: CVE-2019-20467

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-010332 // NVD: CVE-2019-20467

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1748

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202107-1748

PATCH

title:Top Pageurl:https://www.sannce.com

Trust: 0.8

title:Sannce Smart HD Wifi Security Camera Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157698

Trust: 0.6

sources: JVNDB: JVNDB-2021-010332 // CNNVD: CNNVD-202107-1748

EXTERNAL IDS

db:NVDid:CVE-2019-20467

Trust: 3.5

db:JVNDBid:JVNDB-2021-010332

Trust: 0.8

db:CNNVDid:CNNVD-202107-1748

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

db:VULMONid:CVE-2019-20467

Trust: 0.1

db:PACKETSTORMid:179816

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2019-20467 // JVNDB: JVNDB-2021-010332 // PACKETSTORM: 179816 // CNNVD: CNNVD-202107-1748 // NVD: CVE-2019-20467

REFERENCES

url:https://www.eurofins-cybersecurity.com/news/connected-devices-baby-monitors-part-2/

Trust: 2.5

url:https://www.sannce.com

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-20467

Trust: 1.5

url:http://seclists.org/fulldisclosure/2024/jul/14

Trust: 1.0

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2019-20467 // JVNDB: JVNDB-2021-010332 // PACKETSTORM: 179816 // CNNVD: CNNVD-202107-1748 // NVD: CVE-2019-20467

CREDITS

Willem Westerhof | Secura

Trust: 0.1

sources: OTHER: None

SOURCES

db:OTHERid: -
db:VULMONid:CVE-2019-20467
db:JVNDBid:JVNDB-2021-010332
db:PACKETSTORMid:179816
db:CNNVDid:CNNVD-202107-1748
db:NVDid:CVE-2019-20467

LAST UPDATE DATE

2025-01-30T21:08:59.222000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2019-20467date:2021-07-22T00:00:00
db:JVNDBid:JVNDB-2021-010332date:2022-06-29T06:05:00
db:CNNVDid:CNNVD-202107-1748date:2021-08-05T00:00:00
db:NVDid:CVE-2019-20467date:2024-07-30T01:15:10.893

SOURCES RELEASE DATE

db:OTHERid: - date:2024-07-26T13:11:06
db:VULMONid:CVE-2019-20467date:2021-07-22T00:00:00
db:JVNDBid:JVNDB-2021-010332date:2022-06-29T00:00:00
db:PACKETSTORMid:179816date:2024-07-30T12:35:43
db:CNNVDid:CNNVD-202107-1748date:2021-07-22T00:00:00
db:NVDid:CVE-2019-20467date:2021-07-22T13:15:08.027