Details of VAR-202108-2308

ID

VAR-202108-2308

TITLE

A SQL injection vulnerability exists in the MSS streaming media server of Suzhou Keda Technology Co., Ltd.

Trust: 0.6

sources: CNVD: CNVD-2021-51864

DESCRIPTION

Suzhou Keda Technology Co., Ltd. is a leading provider of video and security products and solutions. It is committed to helping various government and corporate customers improve communication and management efficiency with video conferencing, video surveillance and rich video application solutions. The MSS streaming media server of Suzhou Keda Technology Co., Ltd. has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database.

Trust: 0.6

sources: CNVD: CNVD-2021-51864

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-51864

AFFECTED PRODUCTS

vendor:

keda

model:

mss streaming media server

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2021-51864

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-51864
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2021-51864
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-51864

EXTERNAL IDS

db:

CNVD

id:

CNVD-2021-51864

Trust: 0.6

sources: CNVD: CNVD-2021-51864

SOURCES

db:

CNVD

id:

CNVD-2021-51864

LAST UPDATE DATE

2022-05-04T10:07:06.491000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2021-51864

date:

2021-07-19T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2021-51864

date:

2021-08-18T00:00:00