CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-5560

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0900%
EPSS Percentile35.44th
Published2019年1月31日
Last Modified2024年11月21日

Vulnerability Description

A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.

Affected Platforms (CPE)

💻
Guardzilla

Gz521w Firmware

All versions

References & Advisories

🔗 https://blog.rapid7.com/2018/12/27/r7-2018-52-guardzilla-iot-video-camera-hard-coded-credential-cve-2018-5560/
🔗 https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/
🔗 https://blog.rapid7.com/2018/12/27/r7-2018-52-guardzilla-iot-video-camera-hard-coded-credential-cve-2018-5560/
🔗 https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/

相關漏洞威脅

CVE-2018-1850510.0

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication betwee...

CVE-2018-291310.0

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Monitoring Manager). Supported versions that ...

CVE-2018-377410.0

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, ...

CVE-2018-399110.0

An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40...