7 vulnerabilities by ishekar
VAR-201906-0709
Vulnerability from variot - Updated: 2023-12-18 12:00
Research on IoT devices recently found that the most recent firmware for the Shekar Endoscope has Telnet functionality enabled by default. The device is an endoscope camera used in various industrial systems and settings, in car garages, and in some cases in medical clinics, to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by the user, and might allow them to gain a foothold in air-gapped networks, especially in the case of nationally critical infrastructure and industries. Shekar Endoscope contains an access control vulnerability. Information may be tampered with. SHEKAR Technology Endoscope is a portable endoscope device from China SHEKAR Technology Company. There is a security vulnerability in SHEKAR Technology Endoscope. Attackers can exploit this vulnerability to obtain video content and images or cause other harm.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0709",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "endoscope camera",
"scope": "eq",
"trust": 1.0,
"vendor": "ishekar",
"version": "*"
},
{
"model": "endoscope",
"scope": null,
"trust": 0.8,
"vendor": "shekar",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014515"
},
{
"db": "NVD",
"id": "CVE-2017-10721"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ishekar:endoscope_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10721"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Satam",
"sources": [
{
"db": "PACKETSTORM",
"id": "153241"
}
],
"trust": 0.1
},
"cve": "CVE-2017-10721",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-10721",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-101072",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-10721",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-10721",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-670",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-101072",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-10721",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101072"
},
{
"db": "VULMON",
"id": "CVE-2017-10721"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014515"
},
{
"db": "NVD",
"id": "CVE-2017-10721"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-670"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries. Shekar Endoscope Contains an access control vulnerability.Information may be tampered with. SHEKAR Technology Endoscope is a portable endoscope device from China SHEKAR Technology Company. There is a security vulnerability in SHEKAR Technology Endoscope. Attackers can exploit this vulnerability to obtain video content and images or cause other harm",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10721"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014515"
},
{
"db": "VULHUB",
"id": "VHN-101072"
},
{
"db": "VULMON",
"id": "CVE-2017-10721"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10721",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "153241",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014515",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-670",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-101072",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-10721",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101072"
},
{
"db": "VULMON",
"id": "CVE-2017-10721"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014515"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10721"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-670"
}
]
},
"id": "VAR-201906-0709",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101072"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:00:04.634000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "endoscope",
"trust": 0.8,
"url": "http://ishekar.com/en/products/endoscope/"
},
{
"title": "IoT_vulnerabilities",
"trust": 0.1,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-10721"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014515"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101072"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014515"
},
{
"db": "NVD",
"id": "CVE-2017-10721"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/shekar_boriscope_sec_issues.pdf"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/jun/8"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/153241/shekar-endoscope-weak-default-settings-memory-corruption.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10721"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10721"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10724"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101072"
},
{
"db": "VULMON",
"id": "CVE-2017-10721"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014515"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10721"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-670"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101072"
},
{
"db": "VULMON",
"id": "CVE-2017-10721"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014515"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10721"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-670"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-101072"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10721"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014515"
},
{
"date": "2019-06-09T09:32:22",
"db": "PACKETSTORM",
"id": "153241"
},
{
"date": "2019-06-17T22:15:10.090000",
"db": "NVD",
"id": "CVE-2017-10721"
},
{
"date": "2019-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-670"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-101072"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10721"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014515"
},
{
"date": "2019-06-20T19:32:12.027000",
"db": "NVD",
"id": "CVE-2017-10721"
},
{
"date": "2019-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-670"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-670"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shekar Endoscope Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014515"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-670"
}
],
"trust": 0.6
}
}
VAR-201906-0706
Vulnerability from variot - Updated: 2023-12-18 12:00
Research on IoT devices recently found that, in the most recent firmware for the Shekar Endoscope, any malicious user connecting to the device can change the default SSID and password, thereby denying the owner access to his/her own device. The device is an endoscope camera used in various industrial systems and settings, in car garages, and in some cases in medical clinics, to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by the user, and might allow them to gain a foothold in air-gapped networks, especially in the case of nationally critical infrastructure and industries. Shekar Endoscope contains vulnerabilities related to certificate and password management. Information may be tampered with. SHEKAR Technology Endoscope is a portable endoscope device from SHEKAR Technology, China. There is a security hole in SHEKAR Technology Endoscope. An attacker could use this vulnerability to modify the default SSID and password, preventing users from accessing the device or causing other hazards. There is a security vulnerability in SHEKAR Technology Endoscope.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0706",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "endoscope camera",
"scope": "eq",
"trust": 1.0,
"vendor": "ishekar",
"version": "*"
},
{
"model": "endoscope",
"scope": null,
"trust": 0.8,
"vendor": "shekar",
"version": null
},
{
"model": "technology endoscope",
"scope": null,
"trust": 0.6,
"vendor": "shekar",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18874"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014519"
},
{
"db": "NVD",
"id": "CVE-2017-10718"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ishekar:endoscope_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10718"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Satam",
"sources": [
{
"db": "PACKETSTORM",
"id": "153241"
}
],
"trust": 0.1
},
"cve": "CVE-2017-10718",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-10718",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-18874",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-101068",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-10718",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-10718",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-18874",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-667",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-101068",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-10718",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18874"
},
{
"db": "VULHUB",
"id": "VHN-101068"
},
{
"db": "VULMON",
"id": "CVE-2017-10718"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014519"
},
{
"db": "NVD",
"id": "CVE-2017-10718"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-667"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that any malicious user connecting to the device can change the default SSID and password thereby denying the owner an access to his/her own device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries. Shekar Endoscope Contains vulnerabilities related to certificate and password management.Information may be tampered with. SHEKARTechnologyEndoscope is a portable endoscope device from SHEKARTechnology, China. There is a security hole in SHEKARTechnologyEndoscope. An attacker could use this vulnerability to modify the default SSID and password, preventing users from accessing the device or causing other hazards. There is a security vulnerability in SHEKAR Technology Endoscope",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10718"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014519"
},
{
"db": "CNVD",
"id": "CNVD-2019-18874"
},
{
"db": "VULHUB",
"id": "VHN-101068"
},
{
"db": "VULMON",
"id": "CVE-2017-10718"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10718",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "153241",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014519",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-667",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-18874",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-101068",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-10718",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18874"
},
{
"db": "VULHUB",
"id": "VHN-101068"
},
{
"db": "VULMON",
"id": "CVE-2017-10718"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014519"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10718"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-667"
}
]
},
"id": "VAR-201906-0706",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18874"
},
{
"db": "VULHUB",
"id": "VHN-101068"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18874"
}
]
},
"last_update_date": "2023-12-18T12:00:04.600000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "endoscope",
"trust": 0.8,
"url": "http://ishekar.com/en/products/endoscope/"
},
{
"title": "IoT_vulnerabilities",
"trust": 0.1,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-10718"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014519"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101068"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014519"
},
{
"db": "NVD",
"id": "CVE-2017-10718"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/shekar_boriscope_sec_issues.pdf"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10718"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/jun/8"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/153241/shekar-endoscope-weak-default-settings-memory-corruption.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10718"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10724"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18874"
},
{
"db": "VULHUB",
"id": "VHN-101068"
},
{
"db": "VULMON",
"id": "CVE-2017-10718"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014519"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10718"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-667"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-18874"
},
{
"db": "VULHUB",
"id": "VHN-101068"
},
{
"db": "VULMON",
"id": "CVE-2017-10718"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014519"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10718"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-667"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18874"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-101068"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10718"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014519"
},
{
"date": "2019-06-09T09:32:22",
"db": "PACKETSTORM",
"id": "153241"
},
{
"date": "2019-06-17T22:15:09.903000",
"db": "NVD",
"id": "CVE-2017-10718"
},
{
"date": "2019-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-667"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18874"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-101068"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10718"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014519"
},
{
"date": "2019-06-20T18:08:54.060000",
"db": "NVD",
"id": "CVE-2017-10718"
},
{
"date": "2019-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-667"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-667"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shekar Endoscope Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014519"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-667"
}
],
"trust": 0.6
}
}
VAR-201906-0707
Vulnerability from variot - Updated: 2023-12-18 12:00

Recently it was discovered, as part of research on IoT devices, that in the most recent firmware for Shekar Endoscope the device has default Wi-Fi credentials that are exactly the same for every device. This device acts as an endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks, especially in the case of nation-critical infrastructure/industries. Shekar Endoscope contains an information disclosure vulnerability. Information may be obtained. SHEKAR Technology Endoscope is a portable endoscope device from SHEKAR Technology, China. There is an authorization vulnerability in SHEKAR Technology Endoscope. The vulnerability stems from a lack of authentication in the network system or product, or from insufficient strength of authentication. No detailed vulnerability information is currently available. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0707",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "endoscope camera",
"scope": "eq",
"trust": 1.0,
"vendor": "ishekar",
"version": "*"
},
{
"model": "endoscope",
"scope": null,
"trust": 0.8,
"vendor": "shekar",
"version": null
},
{
"model": "technology endoscope",
"scope": null,
"trust": 0.6,
"vendor": "shekar",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18875"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014520"
},
{
"db": "NVD",
"id": "CVE-2017-10719"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ishekar:endoscope_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10719"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Satam",
"sources": [
{
"db": "PACKETSTORM",
"id": "153241"
}
],
"trust": 0.1
},
"cve": "CVE-2017-10719",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-10719",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-18875",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-101069",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-10719",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-10719",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-18875",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-668",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-101069",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-10719",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18875"
},
{
"db": "VULHUB",
"id": "VHN-101069"
},
{
"db": "VULMON",
"id": "CVE-2017-10719"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014520"
},
{
"db": "NVD",
"id": "CVE-2017-10719"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-668"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has default Wi-Fi credentials that are exactly the same for every device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries. Shekar Endoscope Contains an information disclosure vulnerability.Information may be obtained. SHEKARTechnologyEndoscope is a portable endoscope device from SHEKARTechnology, China. There is an authorization vulnerability in SHEKARTechnologyEndoscope. The vulnerability stems from a lack of authentication in the network system or product or insufficient strength of authentication. No detailed vulnerability details are currently available. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10719"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014520"
},
{
"db": "CNVD",
"id": "CNVD-2019-18875"
},
{
"db": "VULHUB",
"id": "VHN-101069"
},
{
"db": "VULMON",
"id": "CVE-2017-10719"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10719",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "153241",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014520",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-668",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-18875",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-101069",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-10719",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18875"
},
{
"db": "VULHUB",
"id": "VHN-101069"
},
{
"db": "VULMON",
"id": "CVE-2017-10719"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014520"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10719"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-668"
}
]
},
"id": "VAR-201906-0707",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18875"
},
{
"db": "VULHUB",
"id": "VHN-101069"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18875"
}
]
},
"last_update_date": "2023-12-18T12:00:04.565000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "endoscope",
"trust": 0.8,
"url": "http://ishekar.com/en/products/endoscope/"
},
{
"title": "IoT_vulnerabilities",
"trust": 0.1,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-10719"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014520"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014520"
},
{
"db": "NVD",
"id": "CVE-2017-10719"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/shekar_boriscope_sec_issues.pdf"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10719"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/jun/8"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/153241/shekar-endoscope-weak-default-settings-memory-corruption.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10719"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10724"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18875"
},
{
"db": "VULHUB",
"id": "VHN-101069"
},
{
"db": "VULMON",
"id": "CVE-2017-10719"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014520"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10719"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-668"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-18875"
},
{
"db": "VULHUB",
"id": "VHN-101069"
},
{
"db": "VULMON",
"id": "CVE-2017-10719"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014520"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10719"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-668"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18875"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-101069"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10719"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014520"
},
{
"date": "2019-06-09T09:32:22",
"db": "PACKETSTORM",
"id": "153241"
},
{
"date": "2019-06-17T22:15:09.983000",
"db": "NVD",
"id": "CVE-2017-10719"
},
{
"date": "2019-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-668"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18875"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-101069"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10719"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014520"
},
{
"date": "2019-06-20T18:12:54.627000",
"db": "NVD",
"id": "CVE-2017-10719"
},
{
"date": "2019-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-668"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-668"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shekar Endoscope Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014520"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-668"
}
],
"trust": 0.6
}
}
VAR-201906-0710
Vulnerability from variot - Updated: 2023-12-18 12:00

Recently it was discovered, as part of research on IoT devices, that in the most recent firmware for Shekar Endoscope the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi password. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access to. The application uses a dynamic link library (DLL) called "avilib.dll" to send binary packets to the device that allow it to be controlled. One such action that the DLL provides is changing the password, in the function "sendchangepass", which allows a user to change the Wi-Fi password on the device. This function calls a sub function "sub_75876EA0" at address 0x7587857C. The function determines which action to execute based on the parameters sent to it. The "sendchangepass" function passes the data string as the second argument, which is the password we enter in the textbox, and the integer 2 as the first argument. The remaining 3 arguments are set to 0. The function "sub_75876EA0" at address 0x75876F19 uses the first argument received to determine which block to jump to. Since the argument passed is 2, it jumps to 0x7587718C and proceeds from there to address 0x758771C2, which calculates the length of the data string passed as the first parameter. This length and the first argument are then passed to the address 0x7587726F, which calls a memmove function that uses a stack address as the destination; the password typed by us is passed as the source and the length calculated above is passed as the number of bytes to copy. Because that length comes from the input and is not checked against the size of the destination buffer, this leads to a stack overflow.
Shekar Endoscope contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SHEKAR Technology Endoscope is a portable endoscope device from China SHEKAR Technology Company. A buffer error vulnerability exists in SHEKAR Technology Endoscope. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow, heap overflow, etc.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0710",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "endoscope camera",
"scope": "eq",
"trust": 1.0,
"vendor": "ishekar",
"version": "*"
},
{
"model": "endoscope",
"scope": null,
"trust": 0.8,
"vendor": "shekar",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014516"
},
{
"db": "NVD",
"id": "CVE-2017-10722"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ishekar:endoscope_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10722"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Satam",
"sources": [
{
"db": "PACKETSTORM",
"id": "153241"
}
],
"trust": 0.1
},
"cve": "CVE-2017-10722",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-10722",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-101073",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-10722",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-10722",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-671",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-101073",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-10722",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101073"
},
{
"db": "VULMON",
"id": "CVE-2017-10722"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014516"
},
{
"db": "NVD",
"id": "CVE-2017-10722"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-671"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi password. This application is installed on the device and an attacker who can provide the right payload can execute code on the user\u0027s system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access too. The application uses a dynamic link library(DLL) called \"avilib.dll\" which is used by the application to send binary packets to the device that allow to control the device. One such action that the DLL provides is change password in the function \"sendchangepass\" which allows a user to change the Wi-Fi password on the device. This function calls a sub function \"sub_75876EA0\" at address 0x7587857C. The function determines which action to execute based on the parameters sent to it. The \"sendchangepass\" passes the datastring as the second argument which is the password we enter in the textbox and integer 2 as first argument. The rest of the 3 arguments are set to 0. The function \"sub_75876EA0\" at address 0x75876F19 uses the first argument received and to determine which block to jump to. Since the argument passed is 2, it jumps to 0x7587718C and proceeds from there to address 0x758771C2 which calculates the length of the data string passed as the first parameter.This length and the first argument are then passed to the address 0x7587726F which calls a memmove function which uses a stack address as the destination where the password typed by us is passed as the source and length calculated above is passed as the number of bytes to copy which leads to a stack overflow. 
Shekar Endoscope Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SHEKAR Technology Endoscope is a portable endoscope device from China SHEKAR Technology Company. A buffer error vulnerability exists in SHEKAR Technology Endoscope. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10722"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014516"
},
{
"db": "VULHUB",
"id": "VHN-101073"
},
{
"db": "VULMON",
"id": "CVE-2017-10722"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10722",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "153241",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014516",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-671",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-101073",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-10722",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101073"
},
{
"db": "VULMON",
"id": "CVE-2017-10722"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014516"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10722"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-671"
}
]
},
"id": "VAR-201906-0710",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101073"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:00:04.534000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "endoscope",
"trust": 0.8,
"url": "http://ishekar.com/en/products/endoscope/"
},
{
"title": "IoT_vulnerabilities",
"trust": 0.1,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-10722"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014516"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101073"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014516"
},
{
"db": "NVD",
"id": "CVE-2017-10722"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/shekar_boriscope_sec_issues.pdf"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/jun/8"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/153241/shekar-endoscope-weak-default-settings-memory-corruption.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10722"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10722"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10724"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101073"
},
{
"db": "VULMON",
"id": "CVE-2017-10722"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014516"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10722"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-671"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101073"
},
{
"db": "VULMON",
"id": "CVE-2017-10722"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014516"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10722"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-671"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-101073"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10722"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014516"
},
{
"date": "2019-06-09T09:32:22",
"db": "PACKETSTORM",
"id": "153241"
},
{
"date": "2019-06-17T22:15:10.137000",
"db": "NVD",
"id": "CVE-2017-10722"
},
{
"date": "2019-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-671"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-101073"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10722"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014516"
},
{
"date": "2019-06-20T19:03:37.567000",
"db": "NVD",
"id": "CVE-2017-10722"
},
{
"date": "2019-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-671"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-671"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shekar Endoscope Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014516"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-671"
}
],
"trust": 0.6
}
}
VAR-201906-0712
Vulnerability from variot - Updated: 2023-12-18 12:00
Recently it was discovered, as part of research on IoT devices, that in the most recent firmware for Shekar Endoscope an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks, especially in the case of nation-critical infrastructure/industries. The firmware contains the binary uvc_stream, the UDP daemon responsible for handling all the UDP requests that the device receives. The client application sends a UDP request to change the Wi-Fi name which contains the following format: "SETCMD0001+0002+[2 byte length of wifipassword]+[Wifipassword]". This request is handled by the "control_Dev_thread" function, which at address "0x00409AE4" compares the incoming request and determines if the 10th byte is 02; if it is, it redirects to 0x0040A7D8, which calls the function "setwifipassword". The function "setwifipassword" calls memcpy with the length of the payload, obtained with strlen, as the third parameter (the number of bytes to copy). Because the copy length is taken from the incoming payload rather than from the size of the destination buffer, an attacker can overflow the buffer and control the $PC value. Shekar Endoscope contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SHEKAR Technology Endoscope is a portable endoscope device from SHEKAR Technology, China.
A buffer overflow vulnerability exists in SHEKAR Technology Endoscope that could be exploited by an attacker to cause a buffer overflow or heap overflow. This vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations on other associated memory locations.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0712",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "endoscope camera",
"scope": "eq",
"trust": 1.0,
"vendor": "ishekar",
"version": "*"
},
{
"model": "endoscope",
"scope": null,
"trust": 0.8,
"vendor": "shekar",
"version": null
},
{
"model": "technology endoscope",
"scope": null,
"trust": 0.6,
"vendor": "shekar",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25508"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014518"
},
{
"db": "NVD",
"id": "CVE-2017-10724"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ishekar:endoscope_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10724"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Satam",
"sources": [
{
"db": "PACKETSTORM",
"id": "153241"
}
],
"trust": 0.1
},
"cve": "CVE-2017-10724",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-10724",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-25508",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-101075",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-10724",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-10724",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-25508",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-675",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-101075",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-10724",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25508"
},
{
"db": "VULHUB",
"id": "VHN-101075"
},
{
"db": "VULMON",
"id": "CVE-2017-10724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014518"
},
{
"db": "NVD",
"id": "CVE-2017-10724"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-675"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Recently it was discovered, as part of research on IoT devices, that in the most recent firmware for Shekar Endoscope an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks, especially in the case of nation-critical infrastructure/industries. The firmware contains the binary uvc_stream, the UDP daemon responsible for handling all the UDP requests that the device receives. The client application sends a UDP request to change the Wi-Fi name which contains the following format: \"SETCMD0001+0002+[2 byte length of wifipassword]+[Wifipassword]\". This request is handled by the \"control_Dev_thread\" function, which at address \"0x00409AE4\" compares the incoming request and determines if the 10th byte is 02; if it is, it redirects to 0x0040A7D8, which calls the function \"setwifipassword\". The function \"setwifipassword\" calls memcpy with the length of the payload, obtained with strlen, as the third parameter (the number of bytes to copy). Because the copy length is taken from the incoming payload rather than from the size of the destination buffer, an attacker can overflow the buffer and control the $PC value. Shekar Endoscope contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SHEKAR Technology Endoscope is a portable endoscope device from SHEKAR Technology, China.
A buffer overflow vulnerability exists in SHEKAR Technology Endoscope that could be exploited by an attacker to cause a buffer overflow or heap overflow. This vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations on other associated memory locations",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014518"
},
{
"db": "CNVD",
"id": "CNVD-2019-25508"
},
{
"db": "VULHUB",
"id": "VHN-101075"
},
{
"db": "VULMON",
"id": "CVE-2017-10724"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10724",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "153241",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014518",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-675",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-25508",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-101075",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-10724",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25508"
},
{
"db": "VULHUB",
"id": "VHN-101075"
},
{
"db": "VULMON",
"id": "CVE-2017-10724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014518"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10724"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-675"
}
]
},
"id": "VAR-201906-0712",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25508"
},
{
"db": "VULHUB",
"id": "VHN-101075"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25508"
}
]
},
"last_update_date": "2023-12-18T12:00:04.501000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "endoscope",
"trust": 0.8,
"url": "http://ishekar.com/en/products/endoscope/"
},
{
"title": "IoT_vulnerabilities",
"trust": 0.1,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-10724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014518"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101075"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014518"
},
{
"db": "NVD",
"id": "CVE-2017-10724"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/shekar_boriscope_sec_issues.pdf"
},
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/153241/shekar-endoscope-weak-default-settings-memory-corruption.html"
},
{
"trust": 2.4,
"url": "https://seclists.org/bugtraq/2019/jun/8"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10724"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10724"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10723"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25508"
},
{
"db": "VULHUB",
"id": "VHN-101075"
},
{
"db": "VULMON",
"id": "CVE-2017-10724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014518"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10724"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-675"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-25508"
},
{
"db": "VULHUB",
"id": "VHN-101075"
},
{
"db": "VULMON",
"id": "CVE-2017-10724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014518"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10724"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-675"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25508"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-101075"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10724"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014518"
},
{
"date": "2019-06-09T09:32:22",
"db": "PACKETSTORM",
"id": "153241"
},
{
"date": "2019-06-17T22:15:10.263000",
"db": "NVD",
"id": "CVE-2017-10724"
},
{
"date": "2019-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-675"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25508"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-101075"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10724"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014518"
},
{
"date": "2019-06-20T18:50:35.190000",
"db": "NVD",
"id": "CVE-2017-10724"
},
{
"date": "2019-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-675"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-675"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shekar Endoscope Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014518"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-675"
}
],
"trust": 0.6
}
}
VAR-201906-0708
Vulnerability from variot - Updated: 2023-12-18 12:00
Recently it was discovered, as part of research on IoT devices, that in the most recent firmware for Shekar Endoscope the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access to. The application uses a dynamic link library (DLL) called "avilib.dll" to send binary packets to the device that allow it to control the device. One such action that the DLL provides is change password in the function "sendchangename", which allows a user to change the Wi-Fi name on the device. This function calls a sub-function "sub_75876EA0" at address 0x758784F8. The function determines which action to execute based on the parameters sent to it. "sendchangename" passes the data string, which is the name we enter in the textbox, as the second argument and the integer 1 as the first argument. The remaining 3 arguments are set to 0. The function "sub_75876EA0" at address 0x75876F19 uses the first argument received to determine which block to jump to. Since the argument passed is 1, it jumps to 0x75876F20 and proceeds from there to address 0x75876F56, which calculates the length of the data string passed as the first parameter. This length and the first argument are then passed to address 0x75877001, which calls the memmove function with a stack address as the destination, the password typed by us as the source, and the length calculated above as the number of bytes to copy. Because that length comes from the input string rather than from the size of the stack buffer, this leads to a stack overflow.
Shekar Endoscope contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SHEKAR Technology Endoscope is a portable endoscope device from SHEKAR Technology, China. A buffer overflow vulnerability exists in SHEKAR Technology Endoscope. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0708",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "endoscope camera",
"scope": "eq",
"trust": 1.0,
"vendor": "ishekar",
"version": "*"
},
{
"model": "endoscope",
"scope": null,
"trust": 0.8,
"vendor": "shekar",
"version": null
},
{
"model": "technology endoscope",
"scope": null,
"trust": 0.6,
"vendor": "shekar",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18876"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014514"
},
{
"db": "NVD",
"id": "CVE-2017-10720"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ishekar:endoscope_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10720"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Satam",
"sources": [
{
"db": "PACKETSTORM",
"id": "153241"
}
],
"trust": 0.1
},
"cve": "CVE-2017-10720",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-10720",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-18876",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-101071",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-10720",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-10720",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-18876",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-669",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-101071",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-10720",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18876"
},
{
"db": "VULHUB",
"id": "VHN-101071"
},
{
"db": "VULMON",
"id": "CVE-2017-10720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014514"
},
{
"db": "NVD",
"id": "CVE-2017-10720"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-669"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This application is installed on the device and an attacker who can provide the right payload can execute code on the user\u0027s system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access to. The application uses a dynamic link library (DLL) called \"avilib.dll\" which is used by the application to send binary packets to the device that allow it to control the device. One such action that the DLL provides is change password in the function \"sendchangename\" which allows a user to change the Wi-Fi name on the device. This function calls a sub function \"sub_75876EA0\" at address 0x758784F8. The function determines which action to execute based on the parameters sent to it. The \"sendchangename\" function passes the datastring as the second argument which is the name we enter in the textbox and integer 1 as first argument. The remaining 3 arguments are set to 0. The function \"sub_75876EA0\" at address 0x75876F19 uses the first argument received to determine which block to jump to. Since the argument passed is 1, it jumps to 0x75876F20 and proceeds from there to address 0x75876F56 which calculates the length of the data string passed as the first parameter. This length and the first argument are then passed to the address 0x75877001 which calls the memmove function which uses a stack address as the destination where the password typed by us is passed as the source and length calculated above is passed as the number of bytes to copy which leads to a stack overflow.
Shekar Endoscope contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SHEKAR Technology Endoscope is a portable endoscope device from SHEKAR Technology, China. A buffer overflow vulnerability exists in SHEKAR Technology Endoscope. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014514"
},
{
"db": "CNVD",
"id": "CNVD-2019-18876"
},
{
"db": "VULHUB",
"id": "VHN-101071"
},
{
"db": "VULMON",
"id": "CVE-2017-10720"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10720",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "153241",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014514",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-669",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-18876",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-101071",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-10720",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18876"
},
{
"db": "VULHUB",
"id": "VHN-101071"
},
{
"db": "VULMON",
"id": "CVE-2017-10720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014514"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10720"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-669"
}
]
},
"id": "VAR-201906-0708",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18876"
},
{
"db": "VULHUB",
"id": "VHN-101071"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18876"
}
]
},
"last_update_date": "2023-12-18T12:00:04.467000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "endoscope",
"trust": 0.8,
"url": "http://ishekar.com/en/products/endoscope/"
},
{
"title": "IoT_vulnerabilities",
"trust": 0.1,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-10720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014514"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101071"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014514"
},
{
"db": "NVD",
"id": "CVE-2017-10720"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/shekar_boriscope_sec_issues.pdf"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10720"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/jun/8"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/153241/shekar-endoscope-weak-default-settings-memory-corruption.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10720"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10724"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18876"
},
{
"db": "VULHUB",
"id": "VHN-101071"
},
{
"db": "VULMON",
"id": "CVE-2017-10720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014514"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10720"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-669"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-18876"
},
{
"db": "VULHUB",
"id": "VHN-101071"
},
{
"db": "VULMON",
"id": "CVE-2017-10720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014514"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10720"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-669"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18876"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-101071"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10720"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014514"
},
{
"date": "2019-06-09T09:32:22",
"db": "PACKETSTORM",
"id": "153241"
},
{
"date": "2019-06-17T22:15:10.030000",
"db": "NVD",
"id": "CVE-2017-10720"
},
{
"date": "2019-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-669"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18876"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-101071"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10720"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014514"
},
{
"date": "2019-06-20T18:53:52.313000",
"db": "NVD",
"id": "CVE-2017-10720"
},
{
"date": "2019-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-669"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-669"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shekar Endoscope Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014514"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-669"
}
],
"trust": 0.6
}
}
VAR-201906-0711
Vulnerability from variot - Updated: 2023-12-18 12:00
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks especially in case of nation critical infrastructure/industries. The firmware contains binary uvc_stream that is the UDP daemon which is responsible for handling all the UDP requests that the device receives. The client application sends a UDP request to change the Wi-Fi name which contains the following format: "SETCMD0001+0001+[2 byte length of wifiname]+[Wifiname]". This request is handled by "control_Dev_thread" function which at address "0x00409AE0" compares the incoming request and determines if the 10th byte is 01 and if it is then it redirects to 0x0040A74C which calls the function "setwifiname". The function "setwifiname" calls memcpy but passes the length of the payload, obtained with strlen, as the third parameter (the number of bytes to copy). Because that length comes from the incoming request rather than from the size of the destination, an attacker can overflow the destination buffer and control the $PC value. Shekar Endoscope contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SHEKAR Technology Endoscope is a portable endoscope device from SHEKAR Technology, China. A buffer overflow vulnerability exists in SHEKAR Technology Endoscope.
The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0711",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "endoscope camera",
"scope": "eq",
"trust": 1.0,
"vendor": "ishekar",
"version": "*"
},
{
"model": "endoscope",
"scope": null,
"trust": 0.8,
"vendor": "shekar",
"version": null
},
{
"model": "technology endoscope",
"scope": null,
"trust": 0.6,
"vendor": "shekar",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18879"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014517"
},
{
"db": "NVD",
"id": "CVE-2017-10723"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ishekar:endoscope_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10723"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Satam",
"sources": [
{
"db": "PACKETSTORM",
"id": "153241"
}
],
"trust": 0.1
},
"cve": "CVE-2017-10723",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-10723",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-18879",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-101074",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-10723",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-10723",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-18879",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-673",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-101074",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-10723",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18879"
},
{
"db": "VULHUB",
"id": "VHN-101074"
},
{
"db": "VULMON",
"id": "CVE-2017-10723"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014517"
},
{
"db": "NVD",
"id": "CVE-2017-10723"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-673"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks especially in case of nation critical infrastructure/industries. The firmware contains binary uvc_stream that is the UDP daemon which is responsible for handling all the UDP requests that the device receives. The client application sends a UDP request to change the Wi-Fi name which contains the following format: \"SETCMD0001+0001+[2 byte length of wifiname]+[Wifiname]\". This request is handled by \"control_Dev_thread\" function which at address \"0x00409AE0\" compares the incoming request and determines if the 10th byte is 01 and if it is then it redirects to 0x0040A74C which calls the function \"setwifiname\". The function \"setwifiname\" uses a memcpy function but uses the length of the payload obtained by using strlen function as the third parameter which is the number of bytes to copy and this allows an attacker to overflow the function and control the $PC value. Shekar Endoscope contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SHEKAR Technology Endoscope is a portable endoscope device from SHEKAR Technology, China. A buffer overflow vulnerability exists in SHEKAR Technology Endoscope.
The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10723"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014517"
},
{
"db": "CNVD",
"id": "CNVD-2019-18879"
},
{
"db": "VULHUB",
"id": "VHN-101074"
},
{
"db": "VULMON",
"id": "CVE-2017-10723"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10723",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "153241",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014517",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-673",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-18879",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-101074",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-10723",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18879"
},
{
"db": "VULHUB",
"id": "VHN-101074"
},
{
"db": "VULMON",
"id": "CVE-2017-10723"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014517"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10723"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-673"
}
]
},
"id": "VAR-201906-0711",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18879"
},
{
"db": "VULHUB",
"id": "VHN-101074"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18879"
}
]
},
"last_update_date": "2023-12-18T12:00:04.431000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "endoscope",
"trust": 0.8,
"url": "http://ishekar.com/en/products/endoscope/"
},
{
"title": "IoT_vulnerabilities",
"trust": 0.1,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-10723"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014517"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101074"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014517"
},
{
"db": "NVD",
"id": "CVE-2017-10723"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/shekar_boriscope_sec_issues.pdf"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10723"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/jun/8"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/153241/shekar-endoscope-weak-default-settings-memory-corruption.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10723"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10724"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18879"
},
{
"db": "VULHUB",
"id": "VHN-101074"
},
{
"db": "VULMON",
"id": "CVE-2017-10723"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014517"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10723"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-673"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-18879"
},
{
"db": "VULHUB",
"id": "VHN-101074"
},
{
"db": "VULMON",
"id": "CVE-2017-10723"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014517"
},
{
"db": "PACKETSTORM",
"id": "153241"
},
{
"db": "NVD",
"id": "CVE-2017-10723"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-673"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18879"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-101074"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10723"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014517"
},
{
"date": "2019-06-09T09:32:22",
"db": "PACKETSTORM",
"id": "153241"
},
{
"date": "2019-06-17T22:15:10.200000",
"db": "NVD",
"id": "CVE-2017-10723"
},
{
"date": "2019-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-673"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18879"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-101074"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10723"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014517"
},
{
"date": "2019-06-20T19:10:17.227000",
"db": "NVD",
"id": "CVE-2017-10723"
},
{
"date": "2019-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-673"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-673"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shekar Endoscope Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014517"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-673"
}
],
"trust": 0.6
}
}