KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances.
References
Link | Resource |
---|---|
https://github.com/hucmosin/MyBook/blob/master/KONGTOP_DVR_devices_vulnerability_report-CVE-2018-10734.pdf | Third Party Advisory |
https://github.com/hucmosin/MyBook/blob/master/fu/DVR.pdf | Third Party Advisory |
https://github.com/hucmosin/Python_Small_Tool/blob/master/other/DVR_POC.py | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
No history.
Information
Published : 2018-05-08 07:29
Updated : 2024-02-04 19:46
NVD link : CVE-2018-10734
Mitre link : CVE-2018-10734
CVE.ORG link : CVE-2018-10734
JSON object : View
Products Affected
kongtop
- d403_firmware
- d403
- a303_firmware
- d305
- a303
- a403
- d303_firmware
- d305_firmware
- a403_firmware
- d303
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor