mirror of https://github.com/qwqdanchun/Goby.git
35 lines
1.4 KiB
JSON
35 lines
1.4 KiB
JSON
{
|
|
"Name": "Hipcam User Credential Disclosure",
|
|
"Description": "The plaintext password of the surveillance camera based on Huawei Hi3510 chip is leaked, and the attacker can view all the user names and passwords of the device, obtain the background permissions, view the monitoring content and control the whole device only through a simple HTTP request.",
|
|
"Product": "Hipcam",
|
|
"Homepage": "https://www.huawei.com",
|
|
"DisclosureDate": "2021-06-04",
|
|
"Author": "atdpa4sw0rd@gmail.com",
|
|
"GobyQuery": "body=\"Error: username or password error,please input again.\"",
|
|
"Level": "3",
|
|
"Impact": "<p>With a simple HTTP request, an attacker can view all the user names and passwords of the device, obtain background permissions, view the monitoring content, and control the entire device.<br></p>",
|
|
"Recommendation": "<p>1. Increase permission settings</p><p>2. The whitelist restricts the login ip</p><p>3. Internet access is prohibited</p>",
|
|
"References": [
|
|
"https://www.secpulse.com/archives/45468.html"
|
|
],
|
|
"HasExp": true,
|
|
"ExpParams": null,
|
|
"ExpTips": {
|
|
"Type": "",
|
|
"Content": ""
|
|
},
|
|
"ScanSteps": null,
|
|
"ExploitSteps": null,
|
|
"Tags": [
|
|
"Disclosure of Sensitive Information"
|
|
],
|
|
"CVEIDs": null,
|
|
"CVSSScore": "0.0",
|
|
"AttackSurfaces": {
|
|
"Application": null,
|
|
"Support": null,
|
|
"Service": null,
|
|
"System": null,
|
|
"Hardware": null
|
|
}
|
|
} |