Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-13114 | 1 Keruigroup | 2 Ypc99, Ypc99 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command. | |||||
CVE-2018-13115 | 1 Keruigroup | 2 Ypc99, Ypc99 Firmware | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user. |