| 248751 | 9.8 | CRITICAL Network | debian | dpkg | dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct dire… | CWE-22 Path Traversal | CVE-2017-8283 | 2024-11-21 12:33 | 2017-04-26 |
| 248752 | 9.8 | CRITICAL Network | wificam | wireless_ip_camera_\(p2p\)_firmware | On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and… | CWE-522 Insufficiently Protected Credentials | CVE-2017-8225 | 2024-11-21 12:33 | 2017-04-26 |
| 248753 | 9.8 | CRITICAL Network | wificam | wireless_ip_camera_\(p2p\)_firmware | Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET. | CWE-798 Use of Hard-coded Credentials | CVE-2017-8224 | 2024-11-21 12:33 | 2017-04-26 |
| 248754 | 7.5 | HIGH Network | wificam | wireless_ip_camera_\(p2p\)_firmware | On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0. | CWE-287 Improper Authentication | CVE-2017-8223 | 2024-11-21 12:33 | 2017-04-26 |
| 248755 | 7.5 | HIGH Network | wificam | wireless_ip_camera_\(p2p\)_firmware | Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to o… | CWE-522 Insufficiently Protected Credentials | CVE-2017-8222 | 2024-11-21 12:33 | 2017-04-26 |
| 248756 | 7.5 | HIGH Network | wificam | wireless_ip_camera_\(p2p\)_firmware | Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote atta… | CWE-311 Missing Encryption of Sensitive Data | CVE-2017-8221 | 2024-11-21 12:33 | 2017-04-26 |
| 248757 | 9.9 | CRITICAL Network | tp-link | c2_firmware c20i_firmware | TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP P… | CWE-78 OS Command | CVE-2017-8220 | 2024-11-21 12:33 | 2017-04-26 |
| 248758 | 6.5 | MEDIUM Network | tp-link | c2_firmware c20i_firmware | TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI. | CWE-20 Improper Input Validation | CVE-2017-8219 | 2024-11-21 12:33 | 2017-04-26 |
| 248759 | 9.8 | CRITICAL Network | tp-link | c2_firmware c20i_firmware | vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password,… | CWE-1188 Insecure Default Initialization of Resource | CVE-2017-8218 | 2024-11-21 12:33 | 2017-04-26 |
| 248760 | 5.3 | MEDIUM Network | tp-link | c2_firmware c20i_firmware | TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. | CWE-862 Missing Authorization | CVE-2017-8217 | 2024-11-21 12:33 | 2017-04-26 |