CVE-2018-13115 - OpenCVE

Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Keruigroup	Ypc99 Firmware Ypc99

Configuration 1 [-]

AND

cpe:2.3:o:keruigroup:ypc99_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:keruigroup:ypc99:-:*:*:*:*:*:*:*

References

Link	Resource
https://utkusen.com/blog/multiple-vulnerabilities-on-kerui-endoscope-camera.html	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-10-22T20:00:00

Updated: 2018-10-22T19:57:01

Reserved: 2018-07-03T00:00:00

Link: CVE-2018-13115

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-10-22T20:29:00.393

Modified: 2019-01-29T16:09:43.287

Link: CVE-2018-13115

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:keruigroup:ypc99_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A648BF89-A0F2-41C9-BFED-3A7CC6618E93", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:keruigroup:ypc99:-:*:*:*:*:*:*:*", "matchCriteriaId": "5CCDD63D-DB5C-49A3-BAF3-362E09CCAE80", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user."}, {"lang": "es", "value": "La falta de un mecanismo de autenticaci\u00f3n en KERUI Wifi Endoscope Camera (YPC99) permite que un atacante vea o bloquee la transmisi\u00f3n de la c\u00e1mara. El servidor RTSP en el puerto 7070 acepta el comando STOP para detener la transmisi\u00f3n y el comando SETSSID para desconectar a un usuario."}], "id": "CVE-2018-13115", "lastModified": "2019-01-29T16:09:43.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-22T20:29:00.393", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://utkusen.com/blog/multiple-vulnerabilities-on-kerui-endoscope-camera.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}