FKIE_CVE-2019-11014
Vulnerability from fkie_nvd - Published: 2019-04-08 20:29 - Updated: 2024-11-21 04:20
Severity
Summary
The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the local network. When the camera responds to the client, it responds via the broadcast address, giving all information necessary to impersonate the camera. The attacker then floods the client with responses, causing the original camera to be denied service from the client, and thus causing the client to then communicate exclusively with the attacker's fake camera server. When connecting to the fake camera server, the client sends all details necessary to login to the camera (username and password).
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | http://blog.0x42424242.in/2019/03/vstarcam-investigational-security.html | Exploit, Third Party Advisory |
| cve@mitre.org | http://blog.0x42424242.in/2019/03/vstarcam-investigational-security_22.html | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.0x42424242.in/2019/03/vstarcam-investigational-security.html | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.0x42424242.in/2019/03/vstarcam-investigational-security_22.html | Exploit, Third Party Advisory |
```json
{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vstarcam:eye4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "023A497B-2944-40BB-8B4D-779C2BC2A5FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the local network. When the camera responds to the client, it responds via the broadcast address, giving all information necessary to impersonate the camera. The attacker then floods the client with responses, causing the original camera to be denied service from the client, and thus causing the client to then communicate exclusively with the attacker\u0027s fake camera server. When connecting to the fake camera server, the client sends all details necessary to login to the camera (username and password)."
    },
    {
      "lang": "es",
      "value": "La biblioteca VStarCam vstc.vscam.Client y el objeto compartido vstc.vscam, tal como se utiliza en la aplicaci\u00f3n Eye4 (para Android, iOS y Windows), no impiden la suplantaci\u00f3n del servidor de la c\u00e1mara. Un atacante puede crear un servidor de c\u00e1mara falso que esp\u00ede al cliente en busca de una c\u00e1mara en la red local. Cuando la c\u00e1mara responde al cliente, responde por medio de la direcci\u00f3n de difusi\u00f3n, dando toda la informaci\u00f3n necesaria para suplantar a la c\u00e1mara. A continuaci\u00f3n, el atacante inunda al cliente con respuestas, causando que la c\u00e1mara original presente un servicio denegado desde el cliente y, por tanto, el cliente se comunique exclusivamente con el servidor de c\u00e1mara falso del atacante. Al conectarse al servidor de c\u00e1mara falso, el cliente env\u00eda todos los detalles necesarios para iniciar sesi\u00f3n en la c\u00e1mara (nombre de usuario y contrase\u00f1a)."
    }
  ],
  "id": "CVE-2019-11014",
  "lastModified": "2024-11-21T04:20:21.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-08T20:29:10.253",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://blog.0x42424242.in/2019/03/vstarcam-investigational-security.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://blog.0x42424242.in/2019/03/vstarcam-investigational-security_22.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://blog.0x42424242.in/2019/03/vstarcam-investigational-security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://blog.0x42424242.in/2019/03/vstarcam-investigational-security_22.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}
```
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.