Vulnerability CVE-2017-8225


Published: 2017-04-25

Description:
On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI.

Type:

CWE-522

(Insufficiently Protected Credentials)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Wificam -> Wireless ip camera (p2p) firmware 

 References:
http://seclists.org/fulldisclosure/2017/Mar/23
https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#pre-auth-info-leak-goahead

Copyright 2024, cxsecurity.com

 

Back to Top