
{
"id": "CVE-2024-13894",
"sourceIdentifier": "cvd@cert.pl",
"published": "2025-03-06T14:15:35.777",
"lastModified": "2025-03-06T14:15:35.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal.\nWhen an affected device is connected to a mobile app, it opens port 10000, which lets a user download pictures shot at specific moments by providing paths to the files. However, the directories to which a user has access are not limited, allowing for path traversal attacks and the download of sensitive information.\nThe vendor has not replied to reports, so the patching status remains unknown. Newer firmware versions might be vulnerable as well."
},
{
"lang": "es",
"value": "Las c\u00e1maras Smartwares CIP-37210AT y C724IP, as\u00ed como otras que comparten el mismo firmware en versiones hasta la 3.3.0, son vulnerables a ataques de path traversal. Cuando un dispositivo afectado se conecta a una aplicaci\u00f3n m\u00f3vil, abre el puerto 10000, que permite al usuario descargar im\u00e1genes tomadas en momentos espec\u00edficos proporcionando rutas a los archivos. Sin embargo, los directorios a los que tiene acceso un usuario no est\u00e1n limitados, lo que permite ataques de path traversal y la descarga de informaci\u00f3n confidencial. El proveedor no ha respondido a los informes, por lo que el estado de la aplicaci\u00f3n de parches sigue siendo desconocido. Las versiones de firmware m\u00e1s nuevas tambi\u00e9n podr\u00edan ser vulnerables."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2025/03/CVE-2024-13892/",
"source": "cvd@cert.pl"
},
{
"url": "https://www.smartwares.eu/en-gb/smartwares-cip-37210at-indoor-wi-fi-camera-cip--37210at",
"source": "cvd@cert.pl"
}
]
}