var-201810-0497
Vulnerability from variot
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams. Hangzhou Xiongmai Information Technology Co., Ltd. focuses on security monitoring and video intelligence research and development. Multiple security weaknesses 2. Security bypass vulnerability Successfully exploiting these issues allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, bypass the authentication mechanism and gain unauthorized access. This may aid in launching further attacks. XMeye P2P Cloud Server product is vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0497",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xmeye p2p cloud server",
"scope": "eq",
"trust": 1.0,
"vendor": "xiongmaitech",
"version": "*"
},
{
"model": "xmeye p2p cloud server",
"scope": null,
"trust": 0.8,
"vendor": "xiongmai",
"version": null
},
{
"model": "ip cameras",
"scope": null,
"trust": 0.6,
"vendor": "xiongmai information",
"version": null
},
{
"model": "nvrs and dvrs incl. 3rd party oem devices",
"scope": null,
"trust": 0.6,
"vendor": "xiongmai information",
"version": null
},
{
"model": "xmeye p2p cloud server",
"scope": null,
"trust": 0.6,
"vendor": "xiongmaitech",
"version": null
},
{
"model": "xiongmai technology xmeye p2p cloud server",
"scope": "eq",
"trust": 0.3,
"vendor": "",
"version": "0"
},
{
"model": "ip cameras",
"scope": "eq",
"trust": 0.2,
"vendor": "xiongmai information",
"version": "*"
},
{
"model": "nvrs and dvrs incl. 3rd party oem devices",
"scope": "eq",
"trust": 0.2,
"vendor": "xiongmai information",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b21-39ab-11e9-9d4b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20455"
},
{
"db": "BID",
"id": "105722"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011238"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-500"
},
{
"db": "NVD",
"id": "CVE-2018-17919"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:xiongmai_technologies:xmeye_p2p_cloud_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011238"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefan Viehb\u00f6ck on behalf of SEC Consult Vulnerability Lab",
"sources": [
{
"db": "BID",
"id": "105722"
}
],
"trust": 0.3
},
"cve": "CVE-2018-17919",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-17919",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20455",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2fd1b21-39ab-11e9-9d4b-000c29342cb1",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2018-17919",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-17919",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-17919",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-20455",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-500",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2fd1b21-39ab-11e9-9d4b-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b21-39ab-11e9-9d4b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20455"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011238"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-500"
},
{
"db": "NVD",
"id": "CVE-2018-17919"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account \"default\" with its default password to login to XMeye and access/view video streams. Hangzhou Xiongmai Information Technology Co., Ltd. focuses on security monitoring and video intelligence research and development. Multiple security weaknesses\n2. Security bypass vulnerability\nSuccessfully exploiting these issues allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, bypass the authentication mechanism and gain unauthorized access. This may aid in launching further attacks. \nXMeye P2P Cloud Server product is vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17919"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011238"
},
{
"db": "CNVD",
"id": "CNVD-2018-20455"
},
{
"db": "BID",
"id": "105722"
},
{
"db": "IVD",
"id": "e2fd1b21-39ab-11e9-9d4b-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17919",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-282-06",
"trust": 2.7
},
{
"db": "CNVD",
"id": "CNVD-2018-20455",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-500",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011238",
"trust": 0.8
},
{
"db": "BID",
"id": "105722",
"trust": 0.3
},
{
"db": "IVD",
"id": "E2FD1B21-39AB-11E9-9D4B-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b21-39ab-11e9-9d4b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20455"
},
{
"db": "BID",
"id": "105722"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011238"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-500"
},
{
"db": "NVD",
"id": "CVE-2018-17919"
}
]
},
"id": "VAR-201810-0497",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fd1b21-39ab-11e9-9d4b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20455"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2fd1b21-39ab-11e9-9d4b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20455"
}
]
},
"last_update_date": "2024-11-23T22:12:19.118000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.xiongmaitech.com/en/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011238"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
},
{
"problemtype": "CWE-912",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011238"
},
{
"db": "NVD",
"id": "CVE-2018-17919"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-282-06"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17919"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17919"
},
{
"trust": 0.6,
"url": "https://seclists.org/fulldisclosure/2018/oct/22"
},
{
"trust": 0.3,
"url": "https://www.xmeye.net/index"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20455"
},
{
"db": "BID",
"id": "105722"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011238"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-500"
},
{
"db": "NVD",
"id": "CVE-2018-17919"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fd1b21-39ab-11e9-9d4b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-20455"
},
{
"db": "BID",
"id": "105722"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011238"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-500"
},
{
"db": "NVD",
"id": "CVE-2018-17919"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "IVD",
"id": "e2fd1b21-39ab-11e9-9d4b-000c29342cb1"
},
{
"date": "2018-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20455"
},
{
"date": "2018-10-09T00:00:00",
"db": "BID",
"id": "105722"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011238"
},
{
"date": "2018-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-500"
},
{
"date": "2018-10-10T15:29:00.487000",
"db": "NVD",
"id": "CVE-2018-17919"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20455"
},
{
"date": "2018-10-09T00:00:00",
"db": "BID",
"id": "105722"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011238"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-500"
},
{
"date": "2024-11-21T03:55:12.570000",
"db": "NVD",
"id": "CVE-2018-17919"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-500"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011238"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-500"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…