admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-568xx/CVE-2024-56897.json
cad-safe-bot 2217f145a3 Auto-Update: 2025-03-03T21:00:20.353522+00:00
2025-03-03 21:03:49 +00:00

138 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-56897",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-24T16:15:12.463",
"lastModified": "2025-03-03T20:15:43.540",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset."
},
{
"lang": "es",
"value": " El control de acceso inadecuado en el servidor HTTP de YI Car Dashcam v3.88 permite descargas y cargas de archivos sin restricciones y comandos API. Los comandos API tambi\u00e9n se pueden utilizar para realizar modificaciones no autorizadas en la configuraci\u00f3n del dispositivo, como deshabilitar la grabaci\u00f3n, deshabilitar los sonidos o restablecer los valores de f\u00e1brica."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:yitechnology:yi_car_dashcam_firmware:3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "63900D3F-0040-45DC-9C91-34E968E71E43"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:yitechnology:yi_car_dashcam:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8489067E-ADD1-47A2-B515-256C4B276B17"
}
]
}
]
}
],
"references": [
{
"url": "https://geochen.medium.com/cve-2024-56897-yi-car-dashcam-39304a4b21b4",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/geo-chen/YI-Smart-Dashcam/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://yitechnology.com.sg/products/dash-camera/",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink