CVE-2018-16224

{"id": "CVE-2018-16224", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2018-11-20T19:29:00.557", "references": [{"url": "http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2018/Nov/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device."}, {"lang": "es", "value": "Control de acceso incorrecto para los archivos de diagn\u00f3stico de iSmartAlarm Cube One hasta la versi\u00f3n 2.2.4.10 permite que un atacante los recupere mediante una petici\u00f3n TCP espec\u00edficamente manipulada al puerto 12345 y 22306 y acceda a informaci\u00f3n sensible del dispositivo."}], "lastModified": "2018-12-20T22:15:18.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ismartalarm:cubeone_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A34C43F-BD31-46CC-A875-2BBBFD1A0CE7", "versionEndIncluding": "2.2.4.10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ismartalarm:cubeone:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "675B613E-FA9B-49A4-854E-A60CADBD8634"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}