Lucene search

MitreCVE-2022-38970

HistorySep 26, 2022 - 11:15 a.m.

CVE-2022-38970

2022-09-2611:15:09

CWE-330

mitre

web.nvd.nist.gov

iegeek ig20

hipcam

realserver

vulnerability

incorrect access control

shenzhen yunni technology

ilnkp2p

cve-2022-38970

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

57.5%

JSON

ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.

Affected configurations

Nvd

Node

iegeekig20_firmwareMatch-

AND

iegeekig20Match-

Node

hipcamrealserverMatch1.0

VendorProductVersionCPE
iegeekig20_firmware-cpe:2.3:o:iegeek:ig20_firmware:-:*:*:*:*:*:*:*
iegeekig20-cpe:2.3:h:iegeek:ig20:-:*:*:*:*:*:*:*
hipcamrealserver1.0cpe:2.3:a:hipcam:realserver:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
iegeek	ig20_firmware	-	cpe:2.3:o:iegeek:ig20_firmware:-:::::::*
iegeek	ig20	-	cpe:2.3:h:iegeek:ig20:-:::::::*
hipcam	realserver	1.0	cpe:2.3:a:hipcam:realserver:1.0:::::::*

References

www.realinfosec.net/cybersecurity-news/iegeek-vulnerabilities-still-prevalent-in-2022-amazon-ft-ig20/

Social References

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

57.5%

JSON

Related for CVE-2022-38970