Lucene search
HistoryJul 18, 2022 - 1:15 p.m.
CVE-2022-30620
cve-2022-30620
cellinx camera
privilege escalation
cookie manipulation
administrative privileges
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
42.8%
On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: “1” to “0” privileges by changing the following cookie values from “is_admin”, “showConfig”. Administrative Privileges which allows changing various configuration in the camera.
Affected configurations
Node
cellinxcellinx_nvt_-_ip_ptz_camera_firmwareMatch3.2.0
ORcellinxcellinx_nvt_-_ip_ptz_camera_firmwareMatch3.2.1
cellinxcellinx_nvt_-_ip_ptz_cameraMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cellinx | cellinx_nvt_-_ip_ptz_camera_firmware | 3.2.0 | cpe:2.3:o:cellinx:cellinx_nvt_-_ip_ptz_camera_firmware:3.2.0:*:*:*:*:*:*:* |
| cellinx | cellinx_nvt_-_ip_ptz_camera_firmware | 3.2.1 | cpe:2.3:o:cellinx:cellinx_nvt_-_ip_ptz_camera_firmware:3.2.1:*:*:*:*:*:*:* |
| cellinx | cellinx_nvt_-_ip_ptz_camera | - | cpe:2.3:h:cellinx:cellinx_nvt_-_ip_ptz_camera:-:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2022-30620 Cellinx NVT – IP PTZ Camera Privilege Escalation
2022-07-18 12:54:33
cve
cve
CVE-2022-30620
2022-07-18 13:15:09
prion
prion
Design/Logic Flaw
2022-07-18 13:15:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
42.8%
Related for NVD:CVE-2022-30620