Lucene search

[email protected]NVD:CVE-2021-40382

HistorySep 01, 2021 - 6:15 p.m.

CVE-2021-40382

2021-09-0118:15:09

[email protected]

web.nvd.nist.gov

cve-2021-40382

compro ip70

ip570

ip60

tn540

mjpegstreamer.cgi

video screenshot access

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.21

Percentile

96.4%

JSON

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allows video screenshot access.

Affected configurations

Nvd

Node

comprotechip70_firmwareMatch2.08_7130218

AND

comprotechip70

Node

comprotechip570_firmwareMatch2.08_7130520

AND

comprotechip570

Node

comprotechip60_firmwareMatch-

AND

comprotechip60

Node

comprotechtn540_firmwareMatch-

AND

comprotechtn540

VendorProductVersionCPE
comprotechip70_firmware2.08_7130218cpe:2.3:o:comprotech:ip70_firmware:2.08_7130218:*:*:*:*:*:*:*
comprotechip70*cpe:2.3:h:comprotech:ip70:*:*:*:*:*:*:*:*
comprotechip570_firmware2.08_7130520cpe:2.3:o:comprotech:ip570_firmware:2.08_7130520:*:*:*:*:*:*:*
comprotechip570*cpe:2.3:h:comprotech:ip570:*:*:*:*:*:*:*:*
comprotechip60_firmware-cpe:2.3:o:comprotech:ip60_firmware:-:*:*:*:*:*:*:*
comprotechip60*cpe:2.3:h:comprotech:ip60:*:*:*:*:*:*:*:*
comprotechtn540_firmware-cpe:2.3:o:comprotech:tn540_firmware:-:*:*:*:*:*:*:*
comprotechtn540*cpe:2.3:h:comprotech:tn540:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
comprotech	ip70_firmware	2.08_7130218	cpe:2.3:o:comprotech:ip70_firmware:2.08_7130218:::::::*
comprotech	ip70	*	cpe:2.3:h:comprotech:ip70::::::::
comprotech	ip570_firmware	2.08_7130520	cpe:2.3:o:comprotech:ip570_firmware:2.08_7130520:::::::*
comprotech	ip570	*	cpe:2.3:h:comprotech:ip570::::::::
comprotech	ip60_firmware	-	cpe:2.3:o:comprotech:ip60_firmware:-:::::::*
comprotech	ip60	*	cpe:2.3:h:comprotech:ip60::::::::
comprotech	tn540_firmware	-	cpe:2.3:o:comprotech:tn540_firmware:-:::::::*
comprotech	tn540	*	cpe:2.3:h:comprotech:tn540::::::::

References

packetstormsecurity.com/files/164032/Compro-Technology-IP-Camera-Screenshot-Disclosure.html

github.com/icekam/0day/blob/main/Compro-Technology-Camera-has-multiple-vulnerabilities.md

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.21

Percentile

96.4%

JSON

Related for NVD:CVE-2021-40382

cvelist1 prion1 cve1 exploitdb1 packetstorm1 zdt1