### [CVE-2019-10710](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10710)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmware allow authenticated attackers to receive a network's cleartext WiFi credentials via a specific HTTP request. This affects certain devices labeled as HI3510, HI3518, LOOSAFE, LEVCOECAM, Sywstoda, BESDER, WUSONGLUSAN, GADINAN, Unitoptek, ESCAM, etc.

### POC

#### Reference
- https://dojo.bullguard.com/dojo-by-bullguard/blog/cam-hi-risk/
- https://dojo.bullguard.com/dojo-by-bullguard/blog/cam-hi-risk/

#### Github
No PoCs found on GitHub currently.