CVE-2024-4584 - OpenCVE

A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263306 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://netsecfish.notion.site/Information-Disclosure-in-Faraday-Technology-Grain-Media-GM828x-GM8181-DVR-via-Unauthenticated-Acc-3d184791c8d7405ba9d6a49e7a5bd918?pvs=4
https://vuldb.com/?ctiid.263306
https://vuldb.com/?id.263306
https://vuldb.com/?submit.324404

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2024-05-07T11:31:04.327Z

Updated: 2024-06-17T18:14:27.902Z

Reserved: 2024-05-07T04:57:49.344Z

Link: CVE-2024-4584

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-05-07T12:15:10.223

Modified: 2024-06-17T19:15:58.903

Link: CVE-2024-4584

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4584", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-05-07T04:57:49.344Z", "datePublished": "2024-05-07T11:31:04.327Z", "dateUpdated": "2024-06-17T18:14:27.902Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-05-07T11:31:04.327Z"}, "title": "Faraday GM8181/GM828x command_port.ini information disclosure", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Information Disclosure"}]}], "affected": [{"vendor": "Faraday", "product": "GM8181", "versions": [{"version": "20240429", "status": "affected"}]}, {"vendor": "Faraday", "product": "GM828x", "versions": [{"version": "20240429", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263306 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in Faraday GM8181 and GM828x bis 20240429 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /command_port.ini. Durch Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-05-07T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-05-07T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-05-07T07:02:58.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "netsecfishfish (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.263306", "name": "VDB-263306 | Faraday GM8181/GM828x command_port.ini information disclosure", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.263306", "name": "VDB-263306 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.324404", "name": "Submit #324404 | Faraday Technology(Grain-Media) DVR GM828x, GM8181 Exposure of Sensitive System Information to an Unauthorized Cont", "tags": ["third-party-advisory"]}, {"url": "https://netsecfish.notion.site/Information-Disclosure-in-Faraday-Technology-Grain-Media-GM828x-GM8181-DVR-via-Unauthenticated-Acc-3d184791c8d7405ba9d6a49e7a5bd918?pvs=4", "tags": ["exploit"]}]}, "adp": [{"affected": [{"vendor": "faraday", "product": "gm8181", "cpes": ["cpe:2.3:a:faraday:gm8181:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "20240429", "versionType": "custom"}]}, {"vendor": "faraday", "product": "gm828x", "cpes": ["cpe:2.3:a:faraday:gm828x:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "20240429", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T18:07:13.146095Z", "id": "CVE-2024-4584", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T18:14:27.902Z"}}]}}

{"descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263306 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad clasificada como problem\u00e1tica ha sido encontrada en Faraday GM8181 y GM828x hasta 20240429. Una funci\u00f3n desconocida del archivo /command_port.ini es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-263306 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-4584", "lastModified": "2024-06-17T19:15:58.903", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-05-07T12:15:10.223", "references": [{"source": "cna@vuldb.com", "url": "https://netsecfish.notion.site/Information-Disclosure-in-Faraday-Technology-Grain-Media-GM828x-GM8181-DVR-via-Unauthenticated-Acc-3d184791c8d7405ba9d6a49e7a5bd918?pvs=4"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.263306"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.263306"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.324404"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "cna@vuldb.com", "type": "Primary"}]}