Search criteria
15 vulnerabilities found for IP security cameras by Milesight
VAR-201910-1355
Vulnerability from variot - Updated: 2024-11-23 23:11Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. Milesight IP security cameras Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker could use this vulnerability to access these accounts
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1355",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip security camera",
"scope": "lte",
"trust": 1.0,
"vendor": "milesight",
"version": "2016-11-14"
},
{
"model": "ip security camera",
"scope": "lte",
"trust": 0.8,
"vendor": "milesight",
"version": "2016/11/14"
},
{
"model": "ip security cameras",
"scope": "lt",
"trust": 0.6,
"vendor": "milesight",
"version": "2016-11-14"
},
{
"model": "ip security camera",
"scope": "eq",
"trust": 0.6,
"vendor": "milesight",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40064"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009570"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1495"
},
{
"db": "NVD",
"id": "CVE-2016-2358"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:milesight:ip_security_camera_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009570"
}
]
},
"cve": "CVE-2016-2358",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-2358",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-40064",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-2358",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-2358",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2358",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-2358",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-40064",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1495",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40064"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009570"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1495"
},
{
"db": "NVD",
"id": "CVE-2016-2358"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. Milesight IP security cameras Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker could use this vulnerability to access these accounts",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2358"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009570"
},
{
"db": "CNVD",
"id": "CNVD-2019-40064"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2358",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009570",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-40064",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1495",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40064"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009570"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1495"
},
{
"db": "NVD",
"id": "CVE-2016-2358"
}
]
},
"id": "VAR-201910-1355",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40064"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40064"
}
]
},
"last_update_date": "2024-11-23T23:11:42.089000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.milesight.com/"
},
{
"title": "Patch for Milesight IP security cameras Trust Management Issues Vulnerability (CNVD-2019-40064)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/189465"
},
{
"title": "Milesight IP security cameras Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101402"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40064"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009570"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1495"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009570"
},
{
"db": "NVD",
"id": "CVE-2016-2358"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://kirils.org/slides/2016-10-06_milesight_initial.pdf"
},
{
"trust": 2.2,
"url": "https://www.youtube.com/watch?v=scckki7caw0"
},
{
"trust": 1.6,
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2358"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2358"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40064"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009570"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1495"
},
{
"db": "NVD",
"id": "CVE-2016-2358"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-40064"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009570"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1495"
},
{
"db": "NVD",
"id": "CVE-2016-2358"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40064"
},
{
"date": "2019-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009570"
},
{
"date": "2019-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1495"
},
{
"date": "2019-10-25T15:15:11.653000",
"db": "NVD",
"id": "CVE-2016-2358"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40064"
},
{
"date": "2019-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009570"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1495"
},
{
"date": "2024-11-21T02:48:17.510000",
"db": "NVD",
"id": "CVE-2016-2358"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1495"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Milesight IP security cameras Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009570"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1495"
}
],
"trust": 0.6
}
}
VAR-201910-1357
Vulnerability from variot - Updated: 2024-11-23 23:08Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. Milesight IP security cameras Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker could use this vulnerability to access these accounts
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1357",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip security camera",
"scope": "lte",
"trust": 1.0,
"vendor": "milesight",
"version": "2016-11-14"
},
{
"model": "ip security camera",
"scope": "lte",
"trust": 0.8,
"vendor": "milesight",
"version": "2016/11/14"
},
{
"model": "ip security cameras",
"scope": "lt",
"trust": 0.6,
"vendor": "milesight",
"version": "2016-11-14"
},
{
"model": "ip security camera",
"scope": "eq",
"trust": 0.6,
"vendor": "milesight",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40066"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009572"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1496"
},
{
"db": "NVD",
"id": "CVE-2016-2360"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:milesight:ip_security_camera_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009572"
}
]
},
"cve": "CVE-2016-2360",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-2360",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-40066",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-2360",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-2360",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2360",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-2360",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-40066",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1496",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40066"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009572"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1496"
},
{
"db": "NVD",
"id": "CVE-2016-2360"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers\u0027 installations. Milesight IP security cameras Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker could use this vulnerability to access these accounts",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2360"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009572"
},
{
"db": "CNVD",
"id": "CNVD-2019-40066"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2360",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009572",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-40066",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1496",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40066"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009572"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1496"
},
{
"db": "NVD",
"id": "CVE-2016-2360"
}
]
},
"id": "VAR-201910-1357",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40066"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40066"
}
]
},
"last_update_date": "2024-11-23T23:08:13.911000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.milesight.com/"
},
{
"title": "Patch for Milesight IP security cameras Trust Management Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/189461"
},
{
"title": "Milesight IP security cameras Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101403"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40066"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009572"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1496"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009572"
},
{
"db": "NVD",
"id": "CVE-2016-2360"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://kirils.org/slides/2016-10-06_milesight_initial.pdf"
},
{
"trust": 2.2,
"url": "https://www.youtube.com/watch?v=scckki7caw0"
},
{
"trust": 1.6,
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2360"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2360"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40066"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009572"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1496"
},
{
"db": "NVD",
"id": "CVE-2016-2360"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-40066"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009572"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1496"
},
{
"db": "NVD",
"id": "CVE-2016-2360"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40066"
},
{
"date": "2019-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009572"
},
{
"date": "2019-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1496"
},
{
"date": "2019-10-25T15:15:11.793000",
"db": "NVD",
"id": "CVE-2016-2360"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40066"
},
{
"date": "2019-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009572"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1496"
},
{
"date": "2024-11-21T02:48:17.753000",
"db": "NVD",
"id": "CVE-2016-2360"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1496"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Milesight IP security cameras Trust Management Issue Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40066"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1496"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1496"
}
],
"trust": 0.6
}
}
VAR-201910-1356
Vulnerability from variot - Updated: 2024-11-23 23:04Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. Milesight IP security cameras Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Milesight IP security cameras is an IP camera product of China Milesight Digital Technology (Milesight).
There are security vulnerabilities in Milesight IP security cameras 2016-11-14 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1356",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip security camera",
"scope": "lte",
"trust": 1.0,
"vendor": "milesight",
"version": "2016-11-14"
},
{
"model": "ip security camera",
"scope": "lte",
"trust": 0.8,
"vendor": "milesight",
"version": "2016/11/14"
},
{
"model": "ip security cameras",
"scope": "lt",
"trust": 0.6,
"vendor": "milesight",
"version": "2016-11-14"
},
{
"model": "ip security camera",
"scope": "eq",
"trust": 0.6,
"vendor": "milesight",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40065"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009571"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1497"
},
{
"db": "NVD",
"id": "CVE-2016-2359"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:milesight:ip_security_camera_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009571"
}
]
},
"cve": "CVE-2016-2359",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-2359",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-40065",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-2359",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-2359",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2359",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-2359",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-40065",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1497",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40065"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009571"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1497"
},
{
"db": "NVD",
"id": "CVE-2016-2359"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. Milesight IP security cameras Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Milesight IP security cameras is an IP camera product of China Milesight Digital Technology (Milesight). \n\nThere are security vulnerabilities in Milesight IP security cameras 2016-11-14 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2359"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009571"
},
{
"db": "CNVD",
"id": "CNVD-2019-40065"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2359",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009571",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-40065",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1497",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40065"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009571"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1497"
},
{
"db": "NVD",
"id": "CVE-2016-2359"
}
]
},
"id": "VAR-201910-1356",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40065"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40065"
}
]
},
"last_update_date": "2024-11-23T23:04:36.445000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.milesight.com/"
},
{
"title": "Patch for Milesight IP security cameras authorization issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/189463"
},
{
"title": "Milesight IP security cameras Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101404"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40065"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009571"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1497"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009571"
},
{
"db": "NVD",
"id": "CVE-2016-2359"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://kirils.org/slides/2016-10-06_milesight_initial.pdf"
},
{
"trust": 2.2,
"url": "https://www.youtube.com/watch?v=scckki7caw0"
},
{
"trust": 1.6,
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2359"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2359"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40065"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009571"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1497"
},
{
"db": "NVD",
"id": "CVE-2016-2359"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-40065"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009571"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1497"
},
{
"db": "NVD",
"id": "CVE-2016-2359"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40065"
},
{
"date": "2019-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009571"
},
{
"date": "2019-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1497"
},
{
"date": "2019-10-25T15:15:11.730000",
"db": "NVD",
"id": "CVE-2016-2359"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40065"
},
{
"date": "2019-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009571"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1497"
},
{
"date": "2024-11-21T02:48:17.623000",
"db": "NVD",
"id": "CVE-2016-2359"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1497"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Milesight IP security cameras Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009571"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1497"
}
],
"trust": 0.6
}
}
VAR-201910-1354
Vulnerability from variot - Updated: 2024-11-23 22:11Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. Milesight IP security cameras Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. There are currently no detailed details of the vulnerability provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1354",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip security camera",
"scope": "lte",
"trust": 1.0,
"vendor": "milesight",
"version": "2016-11-14"
},
{
"model": "ip security camera",
"scope": "lte",
"trust": 0.8,
"vendor": "milesight",
"version": "2016/11/14"
},
{
"model": "ip security cameras",
"scope": "lt",
"trust": 0.6,
"vendor": "milesight",
"version": "2016-11-14"
},
{
"model": "ip security camera",
"scope": "eq",
"trust": 0.6,
"vendor": "milesight",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40063"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009569"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1494"
},
{
"db": "NVD",
"id": "CVE-2016-2357"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:milesight:ip_security_camera_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009569"
}
]
},
"cve": "CVE-2016-2357",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-2357",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-40063",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-2357",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-2357",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2357",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-2357",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-40063",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1494",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-2357",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40063"
},
{
"db": "VULMON",
"id": "CVE-2016-2357"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009569"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1494"
},
{
"db": "NVD",
"id": "CVE-2016-2357"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. Milesight IP security cameras Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. There are currently no detailed details of the vulnerability provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2357"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009569"
},
{
"db": "CNVD",
"id": "CNVD-2019-40063"
},
{
"db": "VULMON",
"id": "CVE-2016-2357"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2357",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009569",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-40063",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1494",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2016-2357",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40063"
},
{
"db": "VULMON",
"id": "CVE-2016-2357"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009569"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1494"
},
{
"db": "NVD",
"id": "CVE-2016-2357"
}
]
},
"id": "VAR-201910-1354",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40063"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40063"
}
]
},
"last_update_date": "2024-11-23T22:11:47.089000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.milesight.com/"
},
{
"title": "Patch for Milesight IP security cameras Trust Management Issues Vulnerability (CNVD-2019-40063)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/189467"
},
{
"title": "Milesight IP security cameras Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101401"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40063"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009569"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1494"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009569"
},
{
"db": "NVD",
"id": "CVE-2016-2357"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://kirils.org/slides/2016-10-06_milesight_initial.pdf"
},
{
"trust": 2.3,
"url": "https://www.youtube.com/watch?v=scckki7caw0"
},
{
"trust": 1.7,
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2357"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2357"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40063"
},
{
"db": "VULMON",
"id": "CVE-2016-2357"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009569"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1494"
},
{
"db": "NVD",
"id": "CVE-2016-2357"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-40063"
},
{
"db": "VULMON",
"id": "CVE-2016-2357"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009569"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1494"
},
{
"db": "NVD",
"id": "CVE-2016-2357"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40063"
},
{
"date": "2019-10-25T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2357"
},
{
"date": "2019-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009569"
},
{
"date": "2019-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1494"
},
{
"date": "2019-10-25T15:15:11.590000",
"db": "NVD",
"id": "CVE-2016-2357"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40063"
},
{
"date": "2019-10-29T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2357"
},
{
"date": "2019-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009569"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1494"
},
{
"date": "2024-11-21T02:48:17.390000",
"db": "NVD",
"id": "CVE-2016-2357"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1494"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Milesight IP security cameras Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009569"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1494"
}
],
"trust": 0.6
}
}
VAR-201910-1353
Vulnerability from variot - Updated: 2024-11-23 21:36Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. Milesight IP security cameras Contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Milesight IP security cameras is an IP camera product of China Milesight Digital Technology (Milesight). The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1353",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip security camera",
"scope": "lte",
"trust": 1.0,
"vendor": "milesight",
"version": "2016-11-14"
},
{
"model": "ip security camera",
"scope": "lte",
"trust": 0.8,
"vendor": "milesight",
"version": "2016/11/14"
},
{
"model": "ip security cameras",
"scope": "lt",
"trust": 0.6,
"vendor": "milesight",
"version": "2016-11-14"
},
{
"model": "ip security camera",
"scope": "eq",
"trust": 0.6,
"vendor": "milesight",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40062"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009568"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1492"
},
{
"db": "NVD",
"id": "CVE-2016-2356"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:milesight:ip_security_camera_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009568"
}
]
},
"cve": "CVE-2016-2356",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-2356",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-40062",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-2356",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-2356",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2356",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-2356",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-40062",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1492",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40062"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009568"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1492"
},
{
"db": "NVD",
"id": "CVE-2016-2356"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. Milesight IP security cameras Contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Milesight IP security cameras is an IP camera product of China Milesight Digital Technology (Milesight). The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2356"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009568"
},
{
"db": "CNVD",
"id": "CNVD-2019-40062"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2356",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009568",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-40062",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1492",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40062"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009568"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1492"
},
{
"db": "NVD",
"id": "CVE-2016-2356"
}
]
},
"id": "VAR-201910-1353",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40062"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40062"
}
]
},
"last_update_date": "2024-11-23T21:36:34.496000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.milesight.com/"
},
{
"title": "Patch for Milesight IP security cameras buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/189469"
},
{
"title": "Milesight IP security cameras Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100873"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40062"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009568"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1492"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009568"
},
{
"db": "NVD",
"id": "CVE-2016-2356"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://kirils.org/slides/2016-10-06_milesight_initial.pdf"
},
{
"trust": 2.2,
"url": "https://www.youtube.com/watch?v=scckki7caw0"
},
{
"trust": 1.6,
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2356"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2356"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40062"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009568"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1492"
},
{
"db": "NVD",
"id": "CVE-2016-2356"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-40062"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009568"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1492"
},
{
"db": "NVD",
"id": "CVE-2016-2356"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40062"
},
{
"date": "2019-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009568"
},
{
"date": "2019-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1492"
},
{
"date": "2019-10-25T15:15:11.513000",
"db": "NVD",
"id": "CVE-2016-2356"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40062"
},
{
"date": "2019-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009568"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1492"
},
{
"date": "2024-11-21T02:48:17.263000",
"db": "NVD",
"id": "CVE-2016-2356"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1492"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Milesight IP security cameras Vulnerable to classic buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009568"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1492"
}
],
"trust": 0.6
}
}
CVE-2016-2360 (GCVE-0-2016-2360)
Vulnerability from nvd – Published: 2019-10-25 12:45 – Updated: 2024-08-05 23:24
VLAI?
Summary
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.
Severity ?
No CVSS data available.
CWE
- default password
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Milesight | IP security cameras |
Affected:
through 2016-11-14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IP security cameras",
"vendor": "Milesight",
"versions": [
{
"status": "affected",
"version": "through 2016-11-14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers\u0027 installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "default password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T12:45:38",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IP security cameras",
"version": {
"version_data": [
{
"version_value": "through 2016-11-14"
}
]
}
}
]
},
"vendor_name": "Milesight"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers\u0027 installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "default password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/",
"refsource": "MISC",
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"name": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf",
"refsource": "MISC",
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"name": "https://www.youtube.com/watch?v=scckkI7CAW0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2360",
"datePublished": "2019-10-25T12:45:38",
"dateReserved": "2016-02-12T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2359 (GCVE-0-2016-2359)
Vulnerability from nvd – Published: 2019-10-25 12:46 – Updated: 2024-08-05 23:24
VLAI?
Summary
Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource.
Severity ?
No CVSS data available.
CWE
- incorrect access control
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Milesight | IP security cameras |
Affected:
through 2016-11-14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IP security cameras",
"vendor": "Milesight",
"versions": [
{
"status": "affected",
"version": "through 2016-11-14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "incorrect access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T12:46:27",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IP security cameras",
"version": {
"version_data": [
{
"version_value": "through 2016-11-14"
}
]
}
}
]
},
"vendor_name": "Milesight"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "incorrect access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/",
"refsource": "MISC",
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"name": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf",
"refsource": "MISC",
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"name": "https://www.youtube.com/watch?v=scckkI7CAW0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2359",
"datePublished": "2019-10-25T12:46:27",
"dateReserved": "2016-02-12T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2358 (GCVE-0-2016-2358)
Vulnerability from nvd – Published: 2019-10-25 12:46 – Updated: 2024-08-05 23:24
VLAI?
Summary
Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts.
Severity ?
No CVSS data available.
CWE
- default accounts
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Milesight | IP security cameras |
Affected:
through 2016-11-14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IP security cameras",
"vendor": "Milesight",
"versions": [
{
"status": "affected",
"version": "through 2016-11-14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "default accounts",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T12:46:09",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IP security cameras",
"version": {
"version_data": [
{
"version_value": "through 2016-11-14"
}
]
}
}
]
},
"vendor_name": "Milesight"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "default accounts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/",
"refsource": "MISC",
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"name": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf",
"refsource": "MISC",
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"name": "https://www.youtube.com/watch?v=scckkI7CAW0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2358",
"datePublished": "2019-10-25T12:46:09",
"dateReserved": "2016-02-12T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2357 (GCVE-0-2016-2357)
Vulnerability from nvd – Published: 2019-10-25 12:46 – Updated: 2024-08-05 23:24
VLAI?
Summary
Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory.
Severity ?
No CVSS data available.
CWE
- hardcoded key
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Milesight | IP security cameras |
Affected:
through 2016-11-14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IP security cameras",
"vendor": "Milesight",
"versions": [
{
"status": "affected",
"version": "through 2016-11-14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "hardcoded key",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T12:46:48",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IP security cameras",
"version": {
"version_data": [
{
"version_value": "through 2016-11-14"
}
]
}
}
]
},
"vendor_name": "Milesight"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "hardcoded key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/",
"refsource": "MISC",
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"name": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf",
"refsource": "MISC",
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"name": "https://www.youtube.com/watch?v=scckkI7CAW0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2357",
"datePublished": "2019-10-25T12:46:48",
"dateReserved": "2016-02-12T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2356 (GCVE-0-2016-2356)
Vulnerability from nvd – Published: 2019-10-25 12:46 – Updated: 2024-08-05 23:24
VLAI?
Summary
Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password.
Severity ?
No CVSS data available.
CWE
- buffer overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Milesight | IP security cameras |
Affected:
through 2016-11-14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IP security cameras",
"vendor": "Milesight",
"versions": [
{
"status": "affected",
"version": "through 2016-11-14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T12:46:38",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IP security cameras",
"version": {
"version_data": [
{
"version_value": "through 2016-11-14"
}
]
}
}
]
},
"vendor_name": "Milesight"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/",
"refsource": "MISC",
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"name": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf",
"refsource": "MISC",
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"name": "https://www.youtube.com/watch?v=scckkI7CAW0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2356",
"datePublished": "2019-10-25T12:46:38",
"dateReserved": "2016-02-12T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2357 (GCVE-0-2016-2357)
Vulnerability from cvelistv5 – Published: 2019-10-25 12:46 – Updated: 2024-08-05 23:24
VLAI?
Summary
Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory.
Severity ?
No CVSS data available.
CWE
- hardcoded key
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Milesight | IP security cameras |
Affected:
through 2016-11-14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IP security cameras",
"vendor": "Milesight",
"versions": [
{
"status": "affected",
"version": "through 2016-11-14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "hardcoded key",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T12:46:48",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IP security cameras",
"version": {
"version_data": [
{
"version_value": "through 2016-11-14"
}
]
}
}
]
},
"vendor_name": "Milesight"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "hardcoded key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/",
"refsource": "MISC",
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"name": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf",
"refsource": "MISC",
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"name": "https://www.youtube.com/watch?v=scckkI7CAW0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2357",
"datePublished": "2019-10-25T12:46:48",
"dateReserved": "2016-02-12T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2356 (GCVE-0-2016-2356)
Vulnerability from cvelistv5 – Published: 2019-10-25 12:46 – Updated: 2024-08-05 23:24
VLAI?
Summary
Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password.
Severity ?
No CVSS data available.
CWE
- buffer overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Milesight | IP security cameras |
Affected:
through 2016-11-14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IP security cameras",
"vendor": "Milesight",
"versions": [
{
"status": "affected",
"version": "through 2016-11-14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T12:46:38",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IP security cameras",
"version": {
"version_data": [
{
"version_value": "through 2016-11-14"
}
]
}
}
]
},
"vendor_name": "Milesight"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/",
"refsource": "MISC",
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"name": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf",
"refsource": "MISC",
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"name": "https://www.youtube.com/watch?v=scckkI7CAW0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2356",
"datePublished": "2019-10-25T12:46:38",
"dateReserved": "2016-02-12T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2359 (GCVE-0-2016-2359)
Vulnerability from cvelistv5 – Published: 2019-10-25 12:46 – Updated: 2024-08-05 23:24
VLAI?
Summary
Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource.
Severity ?
No CVSS data available.
CWE
- incorrect access control
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Milesight | IP security cameras |
Affected:
through 2016-11-14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IP security cameras",
"vendor": "Milesight",
"versions": [
{
"status": "affected",
"version": "through 2016-11-14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "incorrect access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T12:46:27",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IP security cameras",
"version": {
"version_data": [
{
"version_value": "through 2016-11-14"
}
]
}
}
]
},
"vendor_name": "Milesight"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "incorrect access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/",
"refsource": "MISC",
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"name": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf",
"refsource": "MISC",
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"name": "https://www.youtube.com/watch?v=scckkI7CAW0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2359",
"datePublished": "2019-10-25T12:46:27",
"dateReserved": "2016-02-12T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2358 (GCVE-0-2016-2358)
Vulnerability from cvelistv5 – Published: 2019-10-25 12:46 – Updated: 2024-08-05 23:24
VLAI?
Summary
Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts.
Severity ?
No CVSS data available.
CWE
- default accounts
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Milesight | IP security cameras |
Affected:
through 2016-11-14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IP security cameras",
"vendor": "Milesight",
"versions": [
{
"status": "affected",
"version": "through 2016-11-14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "default accounts",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T12:46:09",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IP security cameras",
"version": {
"version_data": [
{
"version_value": "through 2016-11-14"
}
]
}
}
]
},
"vendor_name": "Milesight"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "default accounts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/",
"refsource": "MISC",
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"name": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf",
"refsource": "MISC",
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"name": "https://www.youtube.com/watch?v=scckkI7CAW0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2358",
"datePublished": "2019-10-25T12:46:09",
"dateReserved": "2016-02-12T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2360 (GCVE-0-2016-2360)
Vulnerability from cvelistv5 – Published: 2019-10-25 12:45 – Updated: 2024-08-05 23:24
VLAI?
Summary
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.
Severity ?
No CVSS data available.
CWE
- default password
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Milesight | IP security cameras |
Affected:
through 2016-11-14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IP security cameras",
"vendor": "Milesight",
"versions": [
{
"status": "affected",
"version": "through 2016-11-14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers\u0027 installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "default password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T12:45:38",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IP security cameras",
"version": {
"version_data": [
{
"version_value": "through 2016-11-14"
}
]
}
}
]
},
"vendor_name": "Milesight"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers\u0027 installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "default password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/",
"refsource": "MISC",
"url": "https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/"
},
{
"name": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf",
"refsource": "MISC",
"url": "http://kirils.org/slides/2016-10-06_Milesight_initial.pdf"
},
{
"name": "https://www.youtube.com/watch?v=scckkI7CAW0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=scckkI7CAW0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2360",
"datePublished": "2019-10-25T12:45:38",
"dateReserved": "2016-02-12T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}