Vulnerability-Lookup

FKIE_CVE-2024-5096

Vulnerability from fkie_nvd - Published: 2024-05-19 02:15 - Updated: 2024-11-21 09:46

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

A vulnerability classified as problematic was found in Hipcam Device up to 20240511. This vulnerability affects unknown code of the file /log/wifi.mac of the component MAC Address Handler. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References

	URL	Tags
	cna@vuldb.com	https://netsecfish.notion.site/Unauthorized-Access-to-MAC-Address-in-Hipcam-Device-a9a8daeeda954e83af847eb27805dc99?pvs=4
	cna@vuldb.com	https://vuldb.com/?ctiid.265078
	cna@vuldb.com	https://vuldb.com/?id.265078
	cna@vuldb.com	https://vuldb.com/?submit.332785
	af854a3a-2127-422b-91ae-364da2661108	https://netsecfish.notion.site/Unauthorized-Access-to-MAC-Address-in-Hipcam-Device-a9a8daeeda954e83af847eb27805dc99?pvs=4
	af854a3a-2127-422b-91ae-364da2661108	https://vuldb.com/?ctiid.265078
	af854a3a-2127-422b-91ae-364da2661108	https://vuldb.com/?id.265078
	af854a3a-2127-422b-91ae-364da2661108	https://vuldb.com/?submit.332785

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability classified as problematic was found in Hipcam Device up to 20240511. This vulnerability affects unknown code of the file /log/wifi.mac of the component MAC Address Handler. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad fue encontrada en Hipcam Device hasta 20240511 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo /log/wifi.mac del componente MAC Address Handler. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-265078 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor primeramente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
    }
  ],
  "id": "CVE-2024-5096",
  "lastModified": "2024-11-21T09:46:57.483",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-19T02:15:49.483",
  "references": [
    {
      "source": "cna@vuldb.com",
      "url": "https://netsecfish.notion.site/Unauthorized-Access-to-MAC-Address-in-Hipcam-Device-a9a8daeeda954e83af847eb27805dc99?pvs=4"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?ctiid.265078"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?id.265078"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?submit.332785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://netsecfish.notion.site/Unauthorized-Access-to-MAC-Address-in-Hipcam-Device-a9a8daeeda954e83af847eb27805dc99?pvs=4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://vuldb.com/?ctiid.265078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://vuldb.com/?id.265078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://vuldb.com/?submit.332785"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    }
  ]
}

CVE-2024-5096 (GCVE-0-2024-5096)

Vulnerability from cvelistv5 – Published: 2024-05-19 02:00 – Updated: 2024-08-01 21:03

Title

Hipcam Device MAC Address wifi.mac information disclosure

Summary

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200 - Information Disclosure

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.265078	vdb-entry
	https://vuldb.com/?ctiid.265078	signaturepermissions-required
	https://vuldb.com/?submit.332785	third-party-advisory
	https://netsecfish.notion.site/Unauthorized-Acces…	exploit

Impacted products

	Vendor	Product	Version
	Hipcam	Device	Affected: 20240511

Credits

netsecfish (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:hipcam:device:20240511:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "device",
            "vendor": "hipcam",
            "versions": [
              {
                "status": "affected",
                "version": "20240511"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5096",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-24T14:37:40.977742Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:01:55.346Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:03:10.454Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-265078 | Hipcam Device MAC Address wifi.mac information disclosure",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.265078"
          },
          {
            "name": "VDB-265078 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.265078"
          },
          {
            "name": "Submit #332785 | Hipcam N/A N/A Information Disclosure",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.332785"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://netsecfish.notion.site/Unauthorized-Access-to-MAC-Address-in-Hipcam-Device-a9a8daeeda954e83af847eb27805dc99?pvs=4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "MAC Address Handler"
          ],
          "product": "Device",
          "vendor": "Hipcam",
          "versions": [
            {
              "status": "affected",
              "version": "20240511"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "netsecfish (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as problematic was found in Hipcam Device up to 20240511. This vulnerability affects unknown code of the file /log/wifi.mac of the component MAC Address Handler. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Hipcam Device bis 20240511 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /log/wifi.mac der Komponente MAC Address Handler. Dank der Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-19T02:00:04.610Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-265078 | Hipcam Device MAC Address wifi.mac information disclosure",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.265078"
        },
        {
          "name": "VDB-265078 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.265078"
        },
        {
          "name": "Submit #332785 | Hipcam N/A N/A Information Disclosure",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.332785"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://netsecfish.notion.site/Unauthorized-Access-to-MAC-Address-in-Hipcam-Device-a9a8daeeda954e83af847eb27805dc99?pvs=4"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-05-18T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-05-18T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-05-18T09:13:46.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Hipcam Device MAC Address wifi.mac information disclosure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-5096",
    "datePublished": "2024-05-19T02:00:04.610Z",
    "dateReserved": "2024-05-18T07:08:21.332Z",
    "dateUpdated": "2024-08-01T21:03:10.454Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2024-5096

CVE-2024-5096 (GCVE-0-2024-5096)

Tags

Sightings

Nomenclature