CVE-2019-10710

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-10710
Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmware allow authenticated attackers to receive a network's cleartext WiFi credentials via a specific HTTP request. This affects certain devices labeled as HI3510, HI3518, LOOSAFE, LEVCOECAM, Sywstoda, BESDER, WUSONGLUSAN, GADINAN, Unitoptek, ESCAM, etc.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
https://dojo.bullguard.com/dojo-by-bullguard/blog/cam-hi-risk/ Mitigation Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hisilicon:hi3510_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hisilicon:hi3510:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2019-04-23 20:32

Updated : 2024-02-04 20:20

NVD link : CVE-2019-10710

Mitre link : CVE-2019-10710

CVE.ORG link : CVE-2019-10710

JSON object : View

Products Affected

hisilicon

  • hi3510
  • hi3510_firmware
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource