CVE-2022-37063 | All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization. An authenticated remote attacker can execute arbitrary JavaScript ... detail » | 18. 8. 2022 |
CVE-2022-37062 | All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit ... detail » | 18. 8. 2022 |
CVE-2022-37061 | All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id ... detail » | 18. 8. 2022 |
CVE-2022-28861 | The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to ... detail » | 21. 7. 2022 |
CVE-2022-28860 | An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera. detail » | 21. 7. 2022 |
CVE-2022-34540 | Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/vca/license/license_tok.cgi. This vulnerability is exploitable via a crafted POST ... detail » | 19. 7. 2022 |
CVE-2022-34539 | Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/curltest.cgi. This vulnerability is exploitable via a crafted POST request. detail » | 19. 7. 2022 |
CVE-2022-34538 | Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/vca/bia/addacph.cgi. This vulnerability is exploitable via a crafted POST ... detail » | 19. 7. 2022 |
CVE-2022-34537 | Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a cross-site scripting (XSS) vulnerability via the component bia_oneshot.cgi. detail » | 19. 7. 2022 |
CVE-2022-34536 | Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log file and perform session hijacking via a crafted session token. detail » | 19. 7. 2022 |
CVE-2022-34535 | Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows unauthenticated attackers to view internal paths and scripts via web files. detail » | 19. 7. 2022 |
CVE-2022-30620 | On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: "1" to "0" privileges by changing the following cookie values from "is_admin", ... detail » | 18. 7. 2022 |
CVE-2021-44954 | In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration. detail » | 17. 7. 2022 |
CVE-2021-41419 | QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. detail » | 17. 7. 2022 |
CVE-2021-40150 | The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI ... detail » | 17. 7. 2022 |
CVE-2021-40149 | The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI. detail » | 17. 7. 2022 |
CVE-2021-41506 | Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, ... detail » | 30. 6. 2022 |
CVE-2022-28172 | The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS attack by sending ... detail » | 27. 6. 2022 |
CVE-2022-28171 | The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted ... detail » | 27. 6. 2022 |
CVE-2022-33119 | NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php. detail » | 21. 6. 2022 |
CVE-2022-31875 | Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi detail » | 17. 6. 2022 |
CVE-2022-31873 | Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi. detail » | 17. 6. 2022 |
CVE-2018-17240 | There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password). detail » | 10. 6. 2022 |
CVE-2019-25063 | A vulnerability was found in Sricam IP CCTV Camera. It has been classified as critical. Affected is an unknown function of the component Device Viewer. The manipulation leads to memory corruption. Local access is ... detail » | 4. 6. 2022 |
CVE-2019-25062 | A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be ... detail » | 4. 6. 2022 |
CVE-2021-3555 | A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and ... detail » | 31. 5. 2022 |
CVE-2021-43517 | FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530. detail » | 8. 4. 2022 |
CVE-2021-23851 | A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with ... detail » | 30. 3. 2022 |
CVE-2021-23850 | A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with ... detail » | 30. 3. 2022 |
CVE-2022-26259 | A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to ... detail » | 27. 3. 2022 |
CVE-2021-4045 | TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability ... detail » | 7. 3. 2022 |
CVE-2022-25012 | Argus Surveillance DVR v4.0 employs weak password encryption. detail » | 1. 3. 2022 |
CVE-2022-24610 | Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and below shows the Wi-Fi passphrase hidden, but by editing/removing the style of the password field the password becomes ... detail » | 24. 2. 2022 |
CVE-2022-23227 | NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined ... detail » | 14. 1. 2022 |
CVE-2021-36199 | Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop. detail » | 14. 1. 2022 |
CVE-2021-23862 | A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM ... detail » | 8. 12. 2021 |
CVE-2021-23861 | By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also ... detail » | 8. 12. 2021 |
CVE-2021-23860 | An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue ... detail » | 8. 12. 2021 |
CVE-2021-23859 | An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further ... detail » | 8. 12. 2021 |
CVE-2021-26611 | HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.(reboot, factory reset, snapshot etc..) detail » | 26. 11. 2021 |
CVE-2021-20844 | Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 ... detail » | 24. 11. 2021 |
CVE-2021-20843 | Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote ... detail » | 24. 11. 2021 |
CVE-2021-42261 | Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of ... detail » | 19. 10. 2021 |
CVE-2021-41504 | ** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack ... detail » | 24. 9. 2021 |
CVE-2021-41503 | ** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may ... detail » | 24. 9. 2021 |
CVE-2021-33554 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. detail » | 13. 9. 2021 |
CVE-2021-33553 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. detail » | 13. 9. 2021 |
CVE-2021-33552 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. detail » | 13. 9. 2021 |
CVE-2021-33551 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. detail » | 13. 9. 2021 |
CVE-2021-33550 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. detail » | 13. 9. 2021 |
CVE-2021-33549 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code. detail » | 13. 9. 2021 |
CVE-2021-33548 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. detail » | 13. 9. 2021 |
CVE-2021-33547 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code. detail » | 13. 9. 2021 |
CVE-2021-33546 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code. detail » | 13. 9. 2021 |
CVE-2021-33545 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code. detail » | 13. 9. 2021 |
CVE-2021-33544 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. detail » | 13. 9. 2021 |
CVE-2021-33543 | Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and ... detail » | 13. 9. 2021 |
CVE-2021-34346 | A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this ... detail » | 10. 9. 2021 |
CVE-2021-34345 | A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this ... detail » | 10. 9. 2021 |
CVE-2021-22943 | A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This ... detail » | 31. 8. 2021 |
CVE-2020-15744 | Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version ... detail » | 30. 8. 2021 |
CVE-2019-9657 | Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the ... detail » | 11. 7. 2019 |
CVE-2017-8229 | Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one ... detail » | 3. 7. 2019 |
CVE-2017-13719 | The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is ... detail » | 3. 7. 2019 |
CVE-2017-8405 | An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address ... detail » | 2. 7. 2019 |
CVE-2019-7315 | Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, ... detail » | 17. 6. 2019 |
CVE-2019-9676 | Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing ... detail » | 12. 6. 2019 |
CVE-2017-18377 | An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a ... detail » | 11. 6. 2019 |
CVE-2019-12502 | There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI. detail » | 31. 5. 2019 |
CVE-2018-7829 | An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands. detail » | 22. 5. 2019 |
CVE-2018-7828 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into ... detail » | 22. 5. 2019 |
CVE-2018-7827 | A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user’s browser ... detail » | 22. 5. 2019 |
CVE-2018-7826 | A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. detail » | 22. 5. 2019 |
CVE-2018-7825 | A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. detail » | 22. 5. 2019 |
CVE-2018-7816 | A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file. detail » | 22. 5. 2019 |
CVE-2019-6973 | Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) ... detail » | 17. 3. 2019 |
CVE-2018-18244 | Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header. detail » | 3. 1. 2019 |
CVE-2018-18005 | Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter. detail » | 3. 1. 2019 |
CVE-2018-18004 | Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter. detail » | 3. 1. 2019 |
CVE-2018-18602 | The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring. detail » | 31. 12. 2018 |
CVE-2018-20342 | The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges. detail » | 21. 12. 2018 |
CVE-2018-18441 | D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, ... detail » | 20. 12. 2018 |
CVE-2018-20299 | An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of ... detail » | 19. 12. 2018 |
CVE-2018-19036 | An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. detail » | 17. 12. 2018 |
CVE-2018-19007 | In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. detail » | 14. 12. 2018 |
CVE-2018-20050 | Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and ... detail » | 10. 12. 2018 |
CVE-2018-19864 | NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the ... detail » | 5. 12. 2018 |
CVE-2018-15716 | NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root. detail » | 30. 11. 2018 |
CVE-2018-3935 | An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. ... detail » | 2. 11. 2018 |
CVE-2018-3934 | An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication ... detail » | 2. 11. 2018 |
CVE-2018-3920 | An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and ... detail » | 2. 11. 2018 |
CVE-2018-3899 | An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The ... detail » | 2. 11. 2018 |
CVE-2018-3898 | An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The ... detail » | 2. 11. 2018 |
CVE-2018-3892 | An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker ... detail » | 2. 11. 2018 |
CVE-2018-3891 | An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker ... detail » | 2. 11. 2018 |
CVE-2018-3890 | An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. ... detail » | 2. 11. 2018 |
CVE-2018-3947 | An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability. detail » | 1. 11. 2018 |
CVE-2018-3928 | An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. ... detail » | 1. 11. 2018 |
CVE-2018-3910 | An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker ... detail » | 1. 11. 2018 |
CVE-2018-3900 | An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker ... detail » | 1. 11. 2018 |
CVE-2018-13115 | Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command ... detail » | 22. 10. 2018 |
CVE-2018-13114 | Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid" value, as ... detail » | 22. 10. 2018 |
CVE-2018-18026 | IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower versions) is vulnerable to a stack-based buffer overflow. The attacker can use DeviceIoControl to pass a user specified size which can be used to ... detail » | 19. 10. 2018 |
CVE-2018-12674 | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these session cookies, it ... detail » | 19. 10. 2018 |
CVE-2018-12673 | An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, ... detail » | 19. 10. 2018 |
CVE-2018-12672 | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this ... detail » | 19. 10. 2018 |
CVE-2018-12671 | An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set ... detail » | 19. 10. 2018 |
CVE-2018-12670 | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection. detail » | 19. 10. 2018 |
CVE-2018-12669 | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authenticated users to reset arbitrary accounts via a request to web/cgi-bin/hi3510/param.cgi. detail » | 19. 10. 2018 |
CVE-2018-12668 | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password. detail » | 19. 10. 2018 |
CVE-2018-12667 | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a ... detail » | 19. 10. 2018 |
CVE-2018-12666 | SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain ... detail » | 19. 10. 2018 |
CVE-2018-13111 | There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras. An attacker could craft a malicious POST request to crash the ONVIF service on such a device. detail » | 21. 9. 2018 |
CVE-2017-2879 | An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer ... detail » | 19. 9. 2018 |
CVE-2017-2878 | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer ... detail » | 19. 9. 2018 |
CVE-2017-2877 | A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the ... detail » | 19. 9. 2018 |
CVE-2017-2876 | An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a ... detail » | 19. 9. 2018 |
CVE-2017-2875 | An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a ... detail » | 19. 9. 2018 |
CVE-2017-2873 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user ... detail » | 19. 9. 2018 |
CVE-2017-2855 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept ... detail » | 19. 9. 2018 |
CVE-2017-2874 | An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user ... detail » | 17. 9. 2018 |
CVE-2017-2872 | Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a ... detail » | 17. 9. 2018 |
CVE-2017-2857 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept ... detail » | 17. 9. 2018 |
CVE-2017-2856 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept ... detail » | 17. 9. 2018 |
CVE-2017-2854 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept ... detail » | 17. 9. 2018 |
CVE-2018-16946 | LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without ... detail » | 11. 9. 2018 |
CVE-2018-0663 | Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an ... detail » | 7. 9. 2018 |
CVE-2018-0662 | Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to ... detail » | 7. 9. 2018 |
CVE-2018-0661 | Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to ... detail » | 7. 9. 2018 |
CVE-2018-15745 | Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. detail » | 30. 8. 2018 |
CVE-2018-11654 | Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device. detail » | 24. 8. 2018 |
CVE-2018-11653 | Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and ... detail » | 24. 8. 2018 |
CVE-2018-3938 | An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer ... detail » | 14. 8. 2018 |
CVE-2018-3937 | An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to ... detail » | 14. 8. 2018 |
CVE-2018-6414 | A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can ... detail » | 13. 8. 2018 |
CVE-2018-14933 | upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. detail » | 4. 8. 2018 |
CVE-2017-3223 | Dahua IP camera products using firmware versions prior to
V2.400.0000.14.R.20170713 include a version of the Sonia web interface
that may be vulnerable to a stack buffer overflow. Dahua IP camera
products include an ... detail » | 24. 7. 2018 |
CVE-2018-14064 | The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80. detail » | 15. 7. 2018 |
CVE-2018-6832 | Stack-based buffer overflow in the getSWFlag function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, ... detail » | 9. 7. 2018 |
CVE-2018-6831 | The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3
with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P
V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2,
FI9821P V3, ... detail » | 9. 7. 2018 |
CVE-2018-6830 | Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P ... detail » | 9. 7. 2018 |
CVE-2018-7782 | In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text. detail » | 3. 7. 2018 |
CVE-2018-7781 | In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in ... detail » | 3. 7. 2018 |
CVE-2018-7780 | In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program "set". detail » | 3. 7. 2018 |
CVE-2018-12499 | The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one ... detail » | 2. 7. 2018 |
CVE-2018-10664 | An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption. detail » | 26. 6. 2018 |
CVE-2018-10663 | An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation. detail » | 26. 6. 2018 |
CVE-2018-10662 | An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. detail » | 26. 6. 2018 |
CVE-2018-10661 | An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control. detail » | 26. 6. 2018 |
CVE-2018-10660 | An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. detail » | 26. 6. 2018 |
CVE-2018-10659 | There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that ... detail » | 26. 6. 2018 |
CVE-2018-10658 | There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar. detail » | 26. 6. 2018 |
CVE-2018-12640 | The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100. detail » | 23. 6. 2018 |
CVE-2018-11560 | The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to ... detail » | 23. 6. 2018 |
CVE-2018-8727 | Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver. detail » | 19. 6. 2018 |
CVE-2018-11689 | Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from ... detail » | 14. 6. 2018 |
CVE-2018-3852 | An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An ... detail » | 6. 6. 2018 |
CVE-2018-11523 | upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. detail » | 29. 5. 2018 |
CVE-2018-10734 | KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances. detail » | 8. 5. 2018 |
CVE-2018-4849 | A vulnerability has been identified in Siveillance VMS Video for
Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for
iOS (All versions < V12.1a (2018 R1)). Improper certificate validation
could ... detail » | 3. 5. 2018 |
CVE-2018-10676 | CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI. detail » | 2. 5. 2018 |
CVE-2017-17020 | On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010
devices with firmware 1.14.09 and earlier, and DCS-5020L devices with
firmware before 1.15.01, command injection in alphapd (binary
responsible for ... detail » | 1. 5. 2018 |
CVE-2018-7891 | The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization ... detail » | 30. 4. 2018 |
CVE-2018-8072 | An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote ... detail » | 26. 4. 2018 |
CVE-2017-2833 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user ... detail » | 24. 4. 2018 |
CVE-2017-2832 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user ... detail » | 24. 4. 2018 |
CVE-2018-6413 | There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service interruption) via a crafted ... detail » | 18. 4. 2018 |
CVE-2017-2871 | Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote ... detail » | 17. 4. 2018 |
CVE-2018-9995 | TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, ... detail » | 10. 4. 2018 |
CVE-2018-9158 | An issue was discovered on AXIS M1033-W (IP camera) Firmware version
5.40.5.1 devices. They don't employ a suitable mechanism to prevent a
DoS attack, which leads to a response time delay. An attacker can use
the hping3 ... detail » | 1. 4. 2018 |
CVE-2017-11510 | An information leak exists in Wanscam's HW0021 network camera that
allows an unauthenticated remote attacker to recover the administrator
username and password via an ONVIF GetSnapshotUri request.
detail » | 28. 3. 2018 |
CVE-2018-7532 | Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. detail » | 22. 3. 2018 |
CVE-2018-7528 | An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. detail » | 22. 3. 2018 |
CVE-2018-7524 | A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the ... detail » | 22. 3. 2018 |
CVE-2018-7520 | An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including ... detail » | 22. 3. 2018 |
CVE-2018-7516 | A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. detail » | 22. 3. 2018 |
CVE-2018-7512 | A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. detail » | 22. 3. 2018 |
CVE-2018-6302 | Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams detail » | 13. 3. 2018 |
CVE-2018-6301 | Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams detail » | 13. 3. 2018 |
CVE-2018-7698 | An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L
1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the
username and password for connected D-Link cameras (such as DCS-933L
and DCS-934L) ... detail » | 5. 3. 2018 |
CVE-2017-11635 | An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card. detail » | 26. 2. 2018 |
CVE-2017-11634 | An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., ... detail » | 26. 2. 2018 |
CVE-2017-11633 | An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field. detail » | 26. 2. 2018 |
CVE-2017-11632 | An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session. detail » | 26. 2. 2018 |
CVE-2017-17101 | An issue was discovered in Apexis APM-H803-MPC software, as used with
many different models of IP Camera. An unprotected CGI method inside
the web application permits an unauthenticated user to bypass the
login screen ... detail » | 19. 2. 2018 |
CVE-2014-3972 | Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors. detail » | 19. 2. 2018 |
CVE-2018-6479 | An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI. detail » | 31. 1. 2018 |
CVE-2017-5170 | An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To ... detail » | 18. 1. 2018 |
CVE-2018-5726 | MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings. detail » | 16. 1. 2018 |
CVE-2018-5725 | MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server. detail » | 16. 1. 2018 |
CVE-2018-5724 | MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi. detail » | 16. 1. 2018 |
CVE-2018-5723 | MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account. detail » | 16. 1. 2018 |
CVE-2017-16725 | A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an ... detail » | 20. 12. 2017 |
CVE-2017-17761 | An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary ... detail » | 19. 12. 2017 |
CVE-2017-17107 | Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded
cat1029 password for the root user. The SONIX operating system's setup
renders this password unchangeable and it can be used to access the
device via a ... detail » | 18. 12. 2017 |
CVE-2017-17106 | Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of ... detail » | 18. 12. 2017 |
CVE-2017-17105 | Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as ... detail » | 18. 12. 2017 |
CVE-2017-3186 | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default ... detail » | 15. 12. 2017 |
CVE-2017-3185 | ACTi cameras including the D, B, I, and E series using firmware
version A1D-500-V6.11.31-AC have a web application that uses the GET
method to process requests that contain sensitive information such as
user account name ... detail » | 15. 12. 2017 |
CVE-2017-3184 | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability ... detail » | 15. 12. 2017 |
CVE-2017-14953 | ** DISPUTED ** HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi ... detail » | 1. 12. 2017 |
CVE-2017-9315 | Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism ... detail » | 28. 11. 2017 |
CVE-2017-16566 | On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and ... detail » | 17. 11. 2017 |
CVE-2017-9314 | Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to ... detail » | 13. 11. 2017 |
CVE-2017-15885 | Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap ... detail » | 25. 10. 2017 |
CVE-2017-15290 | Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the ... detail » | 12. 10. 2017 |
CVE-2017-15236 | Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and ... detail » | 10. 10. 2017 |
CVE-2017-14263 | Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request ... detail » | 11. 9. 2017 |
CVE-2017-14262 | On Samsung NVR devices, remote attackers can read the MD5 password hash
of the 'admin' account via certain szUserName JSON data to
cgi-bin/main-cgi, and login to the device with that hash in the
szUserPasswd parameter.
detail » | 11. 9. 2017 |
CVE-2017-13774 | Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors. detail » | 30. 8. 2017 |
CVE-2015-4464 | Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server. detail » | 18. 8. 2017 |
CVE-2015-2280 | snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell ... detail » | 24. 7. 2017 |
CVE-2017-9765 | Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and
2.8.x before 2.8.48, as used on Axis cameras and other devices, allows
remote attackers to execute arbitrary code or cause a denial of ... detail » | 19. 7. 2017 |
CVE-2017-10796 | On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. detail » | 2. 7. 2017 |
CVE-2017-2851 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow. detail » | 29. 6. 2017 |
CVE-2017-2850 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during ... detail » | 29. 6. 2017 |
CVE-2017-2849 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server ... detail » | 29. 6. 2017 |
CVE-2017-2848 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network ... detail » | 29. 6. 2017 |
CVE-2017-2847 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network ... detail » | 29. 6. 2017 |
CVE-2017-2846 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network ... detail » | 29. 6. 2017 |
CVE-2017-2845 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user ... detail » | 29. 6. 2017 |
CVE-2017-2844 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration ... detail » | 29. 6. 2017 |
CVE-2017-2843 | In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" ... detail » | 27. 6. 2017 |
CVE-2017-2842 | In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" ... detail » | 27. 6. 2017 |
CVE-2017-2841 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user ... detail » | 27. 6. 2017 |
CVE-2017-9829 | '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the
VIVOTEK Network Cameras is vulnerable, which allows remote attackers to
read any file on the camera's Linux filesystem via a crafted HTTP
request ... detail » | 23. 6. 2017 |
CVE-2017-9828 | '/cgi-bin/admin/testserver.cgi' of the web service in most of the
VIVOTEK Network Cameras is vulnerable to shell command injection, which
allows remote attackers to execute any shell command as root via a
crafted HTTP ... detail » | 23. 6. 2017 |
CVE-2017-2831 | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer ... detail » | 21. 6. 2017 |
CVE-2017-2830 | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer ... detail » | 21. 6. 2017 |
CVE-2017-2829 | An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the ... detail » | 21. 6. 2017 |
CVE-2017-2828 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user ... detail » | 21. 6. 2017 |
CVE-2017-2827 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user ... detail » | 21. 6. 2017 |
CVE-2017-2805 | An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted http request can cause a stack-based buffer overflow resulting ... detail » | 21. 6. 2017 |
CVE-2016-8731 | Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked ... detail » | 21. 6. 2017 |
CVE-2017-5174 | An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow ... detail » | 18. 5. 2017 |
CVE-2017-5173 | An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been ... detail » | 18. 5. 2017 |
CVE-2017-7927 | A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, ... detail » | 5. 5. 2017 |
CVE-2017-7925 | A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, ... detail » | 5. 5. 2017 |
CVE-2017-7923 | A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series ... detail » | 5. 5. 2017 |
CVE-2017-7921 | An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 ... detail » | 5. 5. 2017 |
CVE-2015-8257 | The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) ... detail » | 2. 5. 2017 |
CVE-2017-8225 | On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas ... detail » | 25. 4. 2017 |
CVE-2017-8224 | Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET. detail » | 25. 4. 2017 |
CVE-2017-8223 | On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0. detail » | 25. 4. 2017 |
CVE-2017-8222 | Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain ... detail » | 25. 4. 2017 |
CVE-2017-8221 | Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote attackers to obtain ... detail » | 25. 4. 2017 |
CVE-2017-7852 | D-Link DCS cameras have a weak/insecure CrossDomain.XML file that
allows sites hosting malicious Flash objects to access and/or change
the device's settings via a CSRF attack. This is because of the
'allow-access-from ... detail » | 24. 4. 2017 |
CVE-2015-8256 | Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras. detail » | 17. 4. 2017 |
CVE-2016-7834 | SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, ... detail » | 13. 4. 2017 |
CVE-2017-7462 | Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory. detail » | 11. 4. 2017 |
CVE-2017-7461 | Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI ... detail » | 11. 4. 2017 |
CVE-2015-8258 | AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." detail » | 9. 4. 2017 |
CVE-2015-8255 | AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. detail » | 9. 4. 2017 |
CVE-2017-7253 | Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as ... detail » | 30. 3. 2017 |
CVE-2017-5675 | A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an ... detail » | 13. 3. 2017 |
CVE-2017-5674 | A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1
" - note the lack ... detail » | 13. 3. 2017 |
CVE-2015-4409 | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue. detail » | 13. 3. 2017 |
CVE-2015-4408 | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI ... detail » | 13. 3. 2017 |
CVE-2015-4407 | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue. detail » | 13. 3. 2017 |
CVE-2017-6432 | An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle ... detail » | 9. 3. 2017 |
CVE-2017-6343 | The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login ... detail » | 27. 2. 2017 |
CVE-2017-6342 | An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is ... detail » | 27. 2. 2017 |
CVE-2017-6341 | Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web ... detail » | 27. 2. 2017 |
CVE-2017-5368 | ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in ... detail » | 6. 2. 2017 |
CVE-2017-5367 | Multiple reflected XSS vulnerabilities exist within form and link input
parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server
web application, which allows a remote attacker to execute malicious
scripts ... detail » | 6. 2. 2017 |
CVE-2016-10140 | Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all ... detail » | 13. 1. 2017 |
CVE-2016-9155 | The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, ... detail » | 22. 11. 2016 |
CVE-2016-5680 | Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the ... detail » | 31. 8. 2016 |
CVE-2016-5679 | cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the ... detail » | 31. 8. 2016 |
CVE-2016-5678 | NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. detail » | 31. 8. 2016 |
CVE-2016-5677 | NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to ... detail » | 31. 8. 2016 |
CVE-2016-5676 | cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a ... detail » | 31. 8. 2016 |
CVE-2016-5675 | handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to ... detail » | 31. 8. 2016 |
CVE-2016-5674 | __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the ... detail » | 31. 8. 2016 |
CVE-2016-4520 | Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via ... detail » | 15. 7. 2016 |
CVE-2015-8286 | Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000. detail » | 17. 2. 2016 |
CVE-2015-8039 | Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which ... detail » | 2. 11. 2015 |
CVE-2015-2866 | SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted ... detail » | 8. 7. 2015 |
CVE-2014-1902 | Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam ... detail » | 13. 5. 2015 |
CVE-2014-1901 | Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam ... detail » | 13. 5. 2015 |
CVE-2014-1900 | Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam ... detail » | 13. 5. 2015 |
CVE-2015-2096 | Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via an invalid IP address and a page ... detail » | 9. 3. 2015 |
CVE-2015-2095 | Heap-based buffer overflow in the SetConnectInfo function in the WESPPTZ.WESPPTZCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via crafted arguments. detail » | 9. 3. 2015 |
CVE-2014-10011 | Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) ... detail » | 13. 1. 2015 |
CVE-2014-9517 | Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm. detail » | 5. 1. 2015 |
CVE-2014-8006 | The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422. detail » | 16. 12. 2014 |
CVE-2014-9263 | Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1) StartRecord, (2) ... detail » | 8. 12. 2014 |
CVE-2014-4880 | Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header. detail » | 8. 12. 2014 |
CVE-2014-9238 | D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. detail » | 3. 12. 2014 |
CVE-2014-9234 | Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. detail » | 3. 12. 2014 |
CVE-2014-8756 | The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address. detail » | 17. 10. 2014 |
CVE-2014-8755 | Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in ... detail » | 17. 10. 2014 |
CVE-2014-3895 | The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE ... detail » | 29. 7. 2014 |
CVE-2013-6117 | Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via ... detail » | 11. 7. 2014 |
CVE-2014-1849 | Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras ... detail » | 13. 5. 2014 |
CVE-2013-1605 | Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to execute arbitrary code via a long filename in a GET request. detail » | 25. 3. 2014 |
CVE-2013-1604 | Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. detail » | 25. 3. 2014 |
CVE-2014-1911 | The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password. detail » | 6. 3. 2014 |
CVE-2013-4981 | Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly ... detail » | 3. 3. 2014 |
CVE-2013-4980 | Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly ... detail » | 3. 3. 2014 |
CVE-2013-4977 | Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service (device crash and ... detail » | 3. 3. 2014 |
CVE-2014-0673 | Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Cisco Video Surveillance 5000 HD IP Dome cameras allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs ... detail » | 25. 1. 2014 |
CVE-2013-7204 | Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators for requests that ... detail » | 17. 1. 2014 |
CVE-2013-5215 | Cross-site scripting (XSS) vulnerability in the web interface "WiFi scan" option in FOSCAM Wireless IP Cameras allows remote attackers to inject arbitrary web script or HTML via the SSID. detail » | 19. 11. 2013 |
CVE-2013-6023 | Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI. detail » | 2. 11. 2013 |
CVE-2013-3687 | AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwords, user names, and ... detail » | 11. 10. 2013 |
CVE-2013-3686 | cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera models allows remote attackers to obtain the administrator password via a list action. detail » | 11. 10. 2013 |
CVE-2013-2581 | cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a ... detail » | 11. 10. 2013 |
CVE-2013-2580 | Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, allows remote attackers ... detail » | 11. 10. 2013 |
CVE-2013-2579 | TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote ... detail » | 11. 10. 2013 |
CVE-2013-2578 | cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via ... detail » | 11. 10. 2013 |
CVE-2013-3689 | Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which allow remote ... detail » | 4. 10. 2013 |
CVE-2013-3543 | The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) ... detail » | 4. 10. 2013 |
CVE-2013-3541 | Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. (dot dot) in the READ.filePath parameter. detail » | 4. 10. 2013 |
CVE-2013-3540 | Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to ... detail » | 4. 10. 2013 |
CVE-2013-3963 | Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other ... detail » | 1. 10. 2013 |
CVE-2013-3962 | Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware ... detail » | 1. 10. 2013 |
CVE-2013-3690 | Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows ... detail » | 1. 10. 2013 |
CVE-2013-3688 | The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, does not properly restrict access to certain administrative functions, which allows ... detail » | 1. 10. 2013 |
CVE-2013-3539 | Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera ... detail » | 1. 10. 2013 |
CVE-2013-5754 | The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access ... detail » | 17. 9. 2013 |
CVE-2013-3615 | Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack. detail » | 17. 9. 2013 |
CVE-2013-3614 | Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack. detail » | 17. 9. 2013 |
CVE-2013-3613 | Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. detail » | 17. 9. 2013 |
CVE-2013-3612 | Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization ... detail » | 17. 9. 2013 |
CVE-2013-3586 | Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. detail » | 27. 8. 2013 |
CVE-2013-3585 | Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup ... detail » | 27. 8. 2013 |
CVE-2013-0144 | Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create ... detail » | 7. 6. 2013 |
CVE-2013-0143 | cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access ... detail » | 7. 6. 2013 |
CVE-2013-0142 | QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified ... detail » | 7. 6. 2013 |
CVE-2013-0139 | The Arecont Vision AV1355DN MegaDome camera allows remote attackers to cause a denial of service (video-capture outage) via a packet to UDP port 69. detail » | 18. 4. 2013 |
CVE-2011-5261 | Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis
M10 Series Network Cameras M1054 firmware 5.21 and earlier allows
remote attackers to inject arbitrary web script or HTML via the
pageTitle parameter ... detail » | 12. 2. 2013 |
CVE-2012-4046 | The D-Link DCS-932L camera with firmware 1.02 allows remote attackers
to discover the password via a UDP broadcast packet, as demonstrated
by running the D-Link Setup Wizard and reading the _paramR["P"] value.
detail » | 24. 12. 2012 |
CVE-2012-3002 | The web interface on (1) Foscam and (2) Wansview IP cameras allows
remote attackers to bypass authentication, and perform administrative
functions or read the admin password, via a direct request to an
unspecified URL.
detail » | 21. 12. 2012 |
CVE-2010-4964 | recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04
allows remote attackers to execute arbitrary commands via shell
metacharacters in the Password field, related to a "semicolon
injection" ... detail » | 16. 10. 2011 |
CVE-2010-4234 | The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz
CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote
attackers to cause a denial of service (device reboot) via a large
number of ... detail » | 16. 11. 2010 |
CVE-2009-2306 | The ARD-9808 DVR card security camera stores sensitive information
under the web root with insufficient access control, which allows
remote attackers to download a file containing usernames and passwords
via a direct ... detail » | 2. 7. 2009 |
CVE-2009-2305 | The ARD-9808 DVR card security camera allows remote attackers to cause
a denial of service via a long URI composed of //.\ (slash slash dot
backslash) sequences.
detail » | 2. 7. 2009 |
CVE-2009-1092 | Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX
control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote
attackers to execute arbitrary code by calling the GetAudioPlayingTime
method with ... detail » | 25. 3. 2009 |
CVE-2009-0644 | The HTTP interface in Swann DVR4-SecuraNet has a certain default
administrative username and password, which makes it easier for remote
attackers to obtain privileged access.
detail » | 18. 2. 2009 |
CVE-2009-0640 | Directory traversal vulnerability in the administrative web server in
Swann DVR4-SecuraNet allows remote attackers to read arbitrary files
via a .. (dot dot) in the URI, as demonstrated by reading the
vy_netman.cfg file ... detail » | 18. 2. 2009 |
CVE-2007-6638 | March Networks DVR 3204 stores sensitive information under the web
root with insufficient access control, which allows remote attackers
to obtain usernames, passwords, device names, and IP addresses via a
direct request ... detail » | 3. 1. 2008 |
CVE-2007-5214 | Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100
Network Camera 2.02 with firmware 2.43 and earlier allow remote
attackers to inject arbitrary web script or HTML via (1) the PATH_INFO
to the default ... detail » | 4. 10. 2007 |
CVE-2007-5213 | Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS
2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote
attackers to perform actions as administrators, as demonstrated by (1)
an SMTP ... detail » | 4. 10. 2007 |
CVE-2007-5212 | Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100
Network Camera 2.02 with firmware before 2.43 allow remote attackers
to inject arbitrary web script or HTML via (1) parameters associated
with saved ... detail » | 4. 10. 2007 |
CVE-2007-4930 | Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS
207W camera allow remote attackers to perform certain actions as
administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and
sgrp parameters ... detail » | 18. 9. 2007 |
CVE-2007-4929 | Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W
camera allow remote attackers to inject arbitrary web script or HTML
via the camNo parameter to incl/image_incl.shtml, and other
unspecified vectors.
detail » | 18. 9. 2007 |
CVE-2007-4928 | The AXIS 207W camera stores a WEP or WPA key in cleartext in the
configuration file, which might allow local users to obtain sensitive
information.
detail » | 18. 9. 2007 |
CVE-2007-4927 | axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote
authenticated users to cause a denial of service (reboot) via many
requests with unique buffer names in the buffername parameter in a
start action.
detail » | 18. 9. 2007 |
CVE-2007-4926 | The AXIS 207W camera uses a base64-encoded cleartext username and
password for authentication, which allows remote attackers to obtain
sensitive information by sniffing the wireless network or by
leveraging unspecified ... detail » | 18. 9. 2007 |
CVE-2007-4583 | Multiple absolute path traversal vulnerabilities in the
nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi
Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1)
create or overwrite ... detail » | 28. 8. 2007 |
CVE-2007-4582 | Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX
control in nvUnifiedControl.dll 1.1.45.0 in ACTi Network Video
Recorder (NVR) SP2 2.0 allows remote attackers to execute arbitrary
code via a long second ... detail » | 28. 8. 2007 |
CVE-2007-3488 | Heap-based buffer overflow in the viewer ActiveX control in Sony
Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29;
SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before
1.18; SNC-RZ50N and ... detail » | 29. 6. 2007 |
CVE-2007-2680 | Cross-site scripting (XSS) vulnerability in the management interface
in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69
and earlier, and VB150 with firmware 1.1 R39 and earlier, allows
remote attackers ... detail » | 14. 5. 2007 |
CVE-2007-2239 | Stack-based buffer overflow in the SaveBMP method in the AXIS Camera
Control (aka CamImage) ActiveX control before 2.40.0.0 in
AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR,
2400, 2400+, 2401, ... detail » | 7. 5. 2007 |
CVE-2007-0877 | Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital
Video Recorders allows attackers to cause an unspecified denial of
service. NOTE: the provenance of this information is unknown; the
details are ... detail » | 12. 2. 2007 |
CVE-2006-3604 | Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and
earlier allows remote attackers to bypass access restrictions for (1)
admin/aindex.asp or (2) admin/aindex.html via a .. (dot dot) and
encoded / (%2f) ... detail » | 14. 7. 2006 |
CVE-2006-3603 | Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH
Network Camera 3.0 and earlier allows remote attackers to inject
arbitrary web script or HTML via the URL.
detail » | 14. 7. 2006 |
CVE-2006-2490 | Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP
Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before
2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to
inject ... detail » | 19. 5. 2006 |
CVE-2004-2508 | Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B
Wireless-B Internet Video Camera allows remote attackers to inject
arbitrary web script or HTML via the next_file parameter.
detail » | 25. 10. 2005 |
CVE-2004-2507 | Absolute path traversal vulnerability in main.cgi in Linksys WVC11B
Wireless-B Internet Video Camera allows remote attackers to read
arbitrary files via an absolute pathname in the next_file parameter.
detail » | 25. 10. 2005 |
CVE-2004-2427 | Axis Network Camera 2.40 and earlier, and Video Server 3.12 and
earlier, allows remote attackers to obtain sensitive information via
direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi,
(3) ... detail » | 18. 8. 2005 |
CVE-2004-2426 | Directory traversal vulnerability in Axis Network Camera 2.40 and
earlier, and Video Server 3.12 and earlier, allows remote attackers to
bypass authentication via a .. (dot dot) in an HTTP POST request ... detail » | 18. 8. 2005 |
CVE-2004-2425 | Axis Network Camera 2.40 and earlier, and Video Server 3.12 and
earlier, allows remote attackers to execute arbitrary commands via
accent (`) and possibly other shell metacharacters in the query string
to ... detail » | 18. 8. 2005 |
CVE-2004-1650 | D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP
address, which allows remote attackers to change the IP address of the
camera via a UDP broadcast packet.
detail » | 20. 2. 2005 |
CVE-2003-0240 | The web-based administration capability for various Axis Network
Camera products allows remote attackers to bypass access restrictions
and modify configuration via an HTTP request to the admin/admin.shtml
containing a ... detail » | 30. 5. 2003 |