Search criteria
4 vulnerabilities found for ZMB-01/C by Zamel
CVE-2024-5634 (GCVE-0-2024-5634)
Vulnerability from nvd – Published: 2024-07-09 10:58 – Updated: 2024-08-01 21:18 Unsupported When Assigned
VLAI
Summary
Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy.
Additionally, every camera with the same firmware version shares the same password.
Severity
CWE
- CWE-1391 - Use of Weak Credentials
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://zamel.com/pl/gardi/zestaw-monitoringu-bez… | product |
| https://cert.pl/en/posts/2024/07/CVE-2024-5631/ | third-party-advisory |
| https://cert.pl/posts/2024/07/CVE-2024-5631/ | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Longse Technology | LBH30FE200W |
Affected:
0 , ≤ *
(custom)
|
|
| Zamel | ZMB-01/C |
Affected:
0 , ≤ *
(custom)
|
Date Public
2024-07-09 10:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:longse_technology:lbh30fe200w:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lbh30fe200w",
"vendor": "longse_technology",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zamel:zmb-01:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zmb-01",
"vendor": "zamel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T21:27:13.841284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T21:29:00.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/07/CVE-2024-5631/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LBH30FE200W",
"vendor": "Longse Technology",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "ZMB-01/C",
"vendor": "Zamel",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Zambrzycki"
}
],
"datePublic": "2024-07-09T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Longse model\u0026nbsp;LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy.\u0026nbsp;\u003cbr\u003eAdditionally, every camera with the same firmware version shares the same password.\u0026nbsp;"
}
],
"value": "Longse model\u00a0LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy.\u00a0\nAdditionally, every camera with the same firmware version shares the same password."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T10:58:47.153Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/07/CVE-2024-5631/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-5634",
"datePublished": "2024-07-09T10:58:47.153Z",
"dateReserved": "2024-06-04T14:42:05.336Z",
"dateUpdated": "2024-08-01T21:18:06.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5633 (GCVE-0-2024-5633)
Vulnerability from nvd – Published: 2024-07-09 10:58 – Updated: 2024-08-01 21:18 Unsupported When Assigned
VLAI
Summary
Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports.
An attacker with a knowledge of the available commands is able to perform read/write operations on the device's memory, which might result in e.g. bypassing telnet login and obtaining full access to the device.
Severity
CWE
- CWE-912 - Hidden Functionality
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://zamel.com/pl/gardi/zestaw-monitoringu-bez… | product |
| https://cert.pl/en/posts/2024/07/CVE-2024-5631/ | third-party-advisory |
| https://cert.pl/posts/2024/07/CVE-2024-5631/ | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Longse Technology | LBH30FE200W |
Affected:
0 , ≤ *
(custom)
|
|
| Zamel | ZMB-01/C |
Affected:
0 , ≤ *
(custom)
|
Date Public
2024-07-09 10:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:longse_technology:lbh30fe200w:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lbh30fe200w",
"vendor": "longse_technology",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zamel:zmb-01:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zmb-01",
"vendor": "zamel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T14:05:59.423707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T14:20:59.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/07/CVE-2024-5631/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LBH30FE200W",
"vendor": "Longse Technology",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "ZMB-01/C",
"vendor": "Zamel",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Zambrzycki"
}
],
"datePublic": "2024-07-09T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Longse model\u0026nbsp;LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service \u003ci\u003eCoolView\u003c/i\u003e on one of the ports.\u0026nbsp;\u003cbr\u003eAn attacker with a knowledge of the available commands is able to perform read/write operations on the device\u0027s memory, which might result in e.g. bypassing telnet login and obtaining full access to the device.\u0026nbsp;"
}
],
"value": "Longse model\u00a0LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports.\u00a0\nAn attacker with a knowledge of the available commands is able to perform read/write operations on the device\u0027s memory, which might result in e.g. bypassing telnet login and obtaining full access to the device."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912 Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T10:58:17.510Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/07/CVE-2024-5631/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-5633",
"datePublished": "2024-07-09T10:58:17.510Z",
"dateReserved": "2024-06-04T14:42:04.550Z",
"dateUpdated": "2024-08-01T21:18:06.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5634 (GCVE-0-2024-5634)
Vulnerability from cvelistv5 – Published: 2024-07-09 10:58 – Updated: 2024-08-01 21:18 Unsupported When Assigned
VLAI
Summary
Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy.
Additionally, every camera with the same firmware version shares the same password.
Severity
CWE
- CWE-1391 - Use of Weak Credentials
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://zamel.com/pl/gardi/zestaw-monitoringu-bez… | product |
| https://cert.pl/en/posts/2024/07/CVE-2024-5631/ | third-party-advisory |
| https://cert.pl/posts/2024/07/CVE-2024-5631/ | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Longse Technology | LBH30FE200W |
Affected:
0 , ≤ *
(custom)
|
|
| Zamel | ZMB-01/C |
Affected:
0 , ≤ *
(custom)
|
Date Public
2024-07-09 10:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:longse_technology:lbh30fe200w:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lbh30fe200w",
"vendor": "longse_technology",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zamel:zmb-01:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zmb-01",
"vendor": "zamel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T21:27:13.841284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T21:29:00.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/07/CVE-2024-5631/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LBH30FE200W",
"vendor": "Longse Technology",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "ZMB-01/C",
"vendor": "Zamel",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Zambrzycki"
}
],
"datePublic": "2024-07-09T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Longse model\u0026nbsp;LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy.\u0026nbsp;\u003cbr\u003eAdditionally, every camera with the same firmware version shares the same password.\u0026nbsp;"
}
],
"value": "Longse model\u00a0LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy.\u00a0\nAdditionally, every camera with the same firmware version shares the same password."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T10:58:47.153Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/07/CVE-2024-5631/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-5634",
"datePublished": "2024-07-09T10:58:47.153Z",
"dateReserved": "2024-06-04T14:42:05.336Z",
"dateUpdated": "2024-08-01T21:18:06.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5633 (GCVE-0-2024-5633)
Vulnerability from cvelistv5 – Published: 2024-07-09 10:58 – Updated: 2024-08-01 21:18 Unsupported When Assigned
VLAI
Summary
Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports.
An attacker with a knowledge of the available commands is able to perform read/write operations on the device's memory, which might result in e.g. bypassing telnet login and obtaining full access to the device.
Severity
CWE
- CWE-912 - Hidden Functionality
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://zamel.com/pl/gardi/zestaw-monitoringu-bez… | product |
| https://cert.pl/en/posts/2024/07/CVE-2024-5631/ | third-party-advisory |
| https://cert.pl/posts/2024/07/CVE-2024-5631/ | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Longse Technology | LBH30FE200W |
Affected:
0 , ≤ *
(custom)
|
|
| Zamel | ZMB-01/C |
Affected:
0 , ≤ *
(custom)
|
Date Public
2024-07-09 10:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:longse_technology:lbh30fe200w:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lbh30fe200w",
"vendor": "longse_technology",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zamel:zmb-01:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zmb-01",
"vendor": "zamel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T14:05:59.423707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T14:20:59.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/07/CVE-2024-5631/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LBH30FE200W",
"vendor": "Longse Technology",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "ZMB-01/C",
"vendor": "Zamel",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Zambrzycki"
}
],
"datePublic": "2024-07-09T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Longse model\u0026nbsp;LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service \u003ci\u003eCoolView\u003c/i\u003e on one of the ports.\u0026nbsp;\u003cbr\u003eAn attacker with a knowledge of the available commands is able to perform read/write operations on the device\u0027s memory, which might result in e.g. bypassing telnet login and obtaining full access to the device.\u0026nbsp;"
}
],
"value": "Longse model\u00a0LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports.\u00a0\nAn attacker with a knowledge of the available commands is able to perform read/write operations on the device\u0027s memory, which might result in e.g. bypassing telnet login and obtaining full access to the device."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912 Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T10:58:17.510Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/07/CVE-2024-5631/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-5633",
"datePublished": "2024-07-09T10:58:17.510Z",
"dateReserved": "2024-06-04T14:42:04.550Z",
"dateUpdated": "2024-08-01T21:18:06.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}