cvelist/2021/26xxx/CVE-2021-26627.json

{
    "CVE_data_meta": {
        "ASSIGNER": "vuln@krcert.or.kr",
        "ID": "CVE-2021-26627",
        "STATE": "PUBLIC",
        "TITLE": "EDrhyme QCP 200W Information Exposure Vulnerability"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "QCP 200W",
                                "version": {
                                    "version_data": [
                                        {
                                            "platform": "Windows, Android",
                                            "version_affected": "=",
                                            "version_name": "No version information",
                                            "version_value": "No version information"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "EDrhyme Co.,Ltd"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-284 Improper Access Control"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66663",
                "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66663"
            }
        ]
    },
    "source": {
        "discovery": "UNKNOWN"
    }
}