Search
Find a vulnerability
Search criteria
8 vulnerabilities by SPOTCAM CO., LTD.
CVE-2023-38027 (GCVE-0-2023-38027)
Vulnerability from nvd – Published: 2023-08-28 03:37 – Updated: 2024-10-14 03:32
VLAI
EPSS
VEX
Title
SpotCam Co., Ltd. SpotCam Sense - Command Injection
Summary
SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SPOTCAM CO., LTD. | SpotCam Sense |
Affected:
2.2044
|
|
| spotcam_co_ltd | spotcam_sense |
Affected:
2.2044
cpe:2.3:a:spotcam_co_ltd:spotcam_sense:*:*:*:*:*:*:*:* |
Date Public
2023-08-31 01:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7334-351fb-1.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:spotcam_co_ltd:spotcam_sense:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "spotcam_sense",
"vendor": "spotcam_co_ltd",
"versions": [
{
"status": "affected",
"version": "2.2044"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38027",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:15:13.406836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T14:16:40.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SpotCam Sense",
"vendor": "SPOTCAM CO., LTD.",
"versions": [
{
"status": "affected",
"version": "2.2044"
}
]
}
],
"datePublic": "2023-08-31T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.\u003c/span\u003e"
}
],
"value": "SpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-14T03:32:16.132Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7334-351fb-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update firmware version to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ev2.2046\u003c/span\u003e\n\n or later.\u003cbr\u003e"
}
],
"value": "Update firmware version to \n\nv2.2046\n\n or later."
}
],
"source": {
"advisory": "TVN-202308007",
"discovery": "EXTERNAL"
},
"title": "SpotCam Co., Ltd. SpotCam Sense - Command Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-38027",
"datePublished": "2023-08-28T03:37:19.941Z",
"dateReserved": "2023-07-12T00:37:03.717Z",
"dateUpdated": "2024-10-14T03:32:16.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38026 (GCVE-0-2023-38026)
Vulnerability from nvd – Published: 2023-08-28 03:29 – Updated: 2024-10-02 14:59
VLAI
EPSS
VEX
Title
SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -2
Summary
SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SPOTCAM CO., LTD. | SpotCam FHD 2 |
Affected:
1.0036
|
|
| spotcam_co_ltd | spotcam_fhd2 |
Affected:
1.0036
cpe:2.3:a:spotcam_co_ltd:spotcam_fhd2:*:*:*:*:*:*:*:* |
Date Public
2023-08-31 01:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7333-972ca-1.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:spotcam_co_ltd:spotcam_fhd2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "spotcam_fhd2",
"vendor": "spotcam_co_ltd",
"versions": [
{
"status": "affected",
"version": "1.0036"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:58:11.203478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T14:59:17.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SpotCam FHD 2",
"vendor": "SPOTCAM CO., LTD.",
"versions": [
{
"status": "affected",
"version": "1.0036"
}
]
}
],
"datePublic": "2023-08-31T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.\u003c/span\u003e\n\n"
}
],
"value": "\nSpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70: Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-28T03:29:08.582Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7333-972ca-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nUpdate firmware version to 1.0039 or later.\u003cbr\u003e"
}
],
"value": "\n\n\nUpdate firmware version to 1.0039 or later.\n"
}
],
"source": {
"advisory": "TVN-202308006",
"discovery": "EXTERNAL"
},
"title": "SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -2",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-38026",
"datePublished": "2023-08-28T03:29:08.582Z",
"dateReserved": "2023-07-12T00:37:03.717Z",
"dateUpdated": "2024-10-02T14:59:17.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38025 (GCVE-0-2023-38025)
Vulnerability from nvd – Published: 2023-08-28 03:21 – Updated: 2024-10-02 15:00
VLAI
EPSS
VEX
Title
SpotCam Co., Ltd. SpotCamFHD - Command Injection -1
Summary
SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE 78 OS Command Injection
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SPOTCAM CO., LTD. | SpotCam FHD 2 |
Affected:
1.0036
|
|
| spotcam_co_ltd | spotcam_fhd2 |
Affected:
1.0036
cpe:2.3:a:spotcam_co_ltd:spotcam_fhd2:*:*:*:*:*:*:*:* |
Date Public
2023-08-31 01:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7332-ee011-1.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:spotcam_co_ltd:spotcam_fhd2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "spotcam_fhd2",
"vendor": "spotcam_co_ltd",
"versions": [
{
"status": "affected",
"version": "1.0036"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:59:42.269526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:00:17.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SpotCam FHD 2",
"vendor": "SPOTCAM CO., LTD.",
"versions": [
{
"status": "affected",
"version": "1.0036"
}
]
}
],
"datePublic": "2023-08-31T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service.\u003c/span\u003e\n\n"
}
],
"value": "\nSpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 78 OS Command Injection",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-28T03:21:04.106Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7332-ee011-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUpdate firmware version to 1.0039 or later. \n\n\u003cbr\u003e"
}
],
"value": "\nUpdate firmware version to 1.0039 or later. \n\n\n"
}
],
"source": {
"advisory": "TVN-202308005",
"discovery": "EXTERNAL"
},
"title": "SpotCam Co., Ltd. SpotCamFHD - Command Injection -1",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-38025",
"datePublished": "2023-08-28T03:21:04.106Z",
"dateReserved": "2023-07-12T00:37:03.716Z",
"dateUpdated": "2024-10-02T15:00:17.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38024 (GCVE-0-2023-38024)
Vulnerability from nvd – Published: 2023-08-28 03:14 – Updated: 2024-10-02 15:01
VLAI
EPSS
VEX
Title
SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -1
Summary
SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. An remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SPOTCAM CO., LTD. | SpotCam FHD 2 |
Affected:
1.0036
|
|
| spotcam_co_ltd | spotcam_fhd2 |
Affected:
1.0036
cpe:2.3:a:spotcam_co_ltd:spotcam_fhd2:*:*:*:*:*:*:*:* |
Date Public
2023-08-31 01:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7331-9099e-1.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:spotcam_co_ltd:spotcam_fhd2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "spotcam_fhd2",
"vendor": "spotcam_co_ltd",
"versions": [
{
"status": "affected",
"version": "1.0036"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T15:00:46.545506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:01:18.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SpotCam FHD 2",
"vendor": "SPOTCAM CO., LTD.",
"versions": [
{
"status": "affected",
"version": "1.0036"
}
]
}
],
"datePublic": "2023-08-31T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. An remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.\u003c/span\u003e\n\n"
}
],
"value": "\nSpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. An remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-28T03:14:20.410Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7331-9099e-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update firmware version to 1.0039 or later.\u0026nbsp;"
}
],
"value": "Update firmware version to 1.0039 or later.\u00a0"
}
],
"source": {
"advisory": "TVN-202308004",
"discovery": "EXTERNAL"
},
"title": "SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -1",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-38024",
"datePublished": "2023-08-28T03:14:20.410Z",
"dateReserved": "2023-07-12T00:37:03.716Z",
"dateUpdated": "2024-10-02T15:01:18.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38027 (GCVE-0-2023-38027)
Vulnerability from cvelistv5 – Published: 2023-08-28 03:37 – Updated: 2024-10-14 03:32
VLAI
EPSS
VEX
Title
SpotCam Co., Ltd. SpotCam Sense - Command Injection
Summary
SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SPOTCAM CO., LTD. | SpotCam Sense |
Affected:
2.2044
|
|
| spotcam_co_ltd | spotcam_sense |
Affected:
2.2044
cpe:2.3:a:spotcam_co_ltd:spotcam_sense:*:*:*:*:*:*:*:* |
Date Public
2023-08-31 01:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7334-351fb-1.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:spotcam_co_ltd:spotcam_sense:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "spotcam_sense",
"vendor": "spotcam_co_ltd",
"versions": [
{
"status": "affected",
"version": "2.2044"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38027",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:15:13.406836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T14:16:40.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SpotCam Sense",
"vendor": "SPOTCAM CO., LTD.",
"versions": [
{
"status": "affected",
"version": "2.2044"
}
]
}
],
"datePublic": "2023-08-31T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.\u003c/span\u003e"
}
],
"value": "SpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-14T03:32:16.132Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7334-351fb-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update firmware version to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ev2.2046\u003c/span\u003e\n\n or later.\u003cbr\u003e"
}
],
"value": "Update firmware version to \n\nv2.2046\n\n or later."
}
],
"source": {
"advisory": "TVN-202308007",
"discovery": "EXTERNAL"
},
"title": "SpotCam Co., Ltd. SpotCam Sense - Command Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-38027",
"datePublished": "2023-08-28T03:37:19.941Z",
"dateReserved": "2023-07-12T00:37:03.717Z",
"dateUpdated": "2024-10-14T03:32:16.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38026 (GCVE-0-2023-38026)
Vulnerability from cvelistv5 – Published: 2023-08-28 03:29 – Updated: 2024-10-02 14:59
VLAI
EPSS
VEX
Title
SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -2
Summary
SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SPOTCAM CO., LTD. | SpotCam FHD 2 |
Affected:
1.0036
|
|
| spotcam_co_ltd | spotcam_fhd2 |
Affected:
1.0036
cpe:2.3:a:spotcam_co_ltd:spotcam_fhd2:*:*:*:*:*:*:*:* |
Date Public
2023-08-31 01:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7333-972ca-1.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:spotcam_co_ltd:spotcam_fhd2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "spotcam_fhd2",
"vendor": "spotcam_co_ltd",
"versions": [
{
"status": "affected",
"version": "1.0036"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:58:11.203478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T14:59:17.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SpotCam FHD 2",
"vendor": "SPOTCAM CO., LTD.",
"versions": [
{
"status": "affected",
"version": "1.0036"
}
]
}
],
"datePublic": "2023-08-31T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.\u003c/span\u003e\n\n"
}
],
"value": "\nSpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70: Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-28T03:29:08.582Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7333-972ca-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nUpdate firmware version to 1.0039 or later.\u003cbr\u003e"
}
],
"value": "\n\n\nUpdate firmware version to 1.0039 or later.\n"
}
],
"source": {
"advisory": "TVN-202308006",
"discovery": "EXTERNAL"
},
"title": "SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -2",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-38026",
"datePublished": "2023-08-28T03:29:08.582Z",
"dateReserved": "2023-07-12T00:37:03.717Z",
"dateUpdated": "2024-10-02T14:59:17.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38025 (GCVE-0-2023-38025)
Vulnerability from cvelistv5 – Published: 2023-08-28 03:21 – Updated: 2024-10-02 15:00
VLAI
EPSS
VEX
Title
SpotCam Co., Ltd. SpotCamFHD - Command Injection -1
Summary
SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE 78 OS Command Injection
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SPOTCAM CO., LTD. | SpotCam FHD 2 |
Affected:
1.0036
|
|
| spotcam_co_ltd | spotcam_fhd2 |
Affected:
1.0036
cpe:2.3:a:spotcam_co_ltd:spotcam_fhd2:*:*:*:*:*:*:*:* |
Date Public
2023-08-31 01:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7332-ee011-1.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:spotcam_co_ltd:spotcam_fhd2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "spotcam_fhd2",
"vendor": "spotcam_co_ltd",
"versions": [
{
"status": "affected",
"version": "1.0036"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:59:42.269526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:00:17.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SpotCam FHD 2",
"vendor": "SPOTCAM CO., LTD.",
"versions": [
{
"status": "affected",
"version": "1.0036"
}
]
}
],
"datePublic": "2023-08-31T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service.\u003c/span\u003e\n\n"
}
],
"value": "\nSpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 78 OS Command Injection",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-28T03:21:04.106Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7332-ee011-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUpdate firmware version to 1.0039 or later. \n\n\u003cbr\u003e"
}
],
"value": "\nUpdate firmware version to 1.0039 or later. \n\n\n"
}
],
"source": {
"advisory": "TVN-202308005",
"discovery": "EXTERNAL"
},
"title": "SpotCam Co., Ltd. SpotCamFHD - Command Injection -1",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-38025",
"datePublished": "2023-08-28T03:21:04.106Z",
"dateReserved": "2023-07-12T00:37:03.716Z",
"dateUpdated": "2024-10-02T15:00:17.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38024 (GCVE-0-2023-38024)
Vulnerability from cvelistv5 – Published: 2023-08-28 03:14 – Updated: 2024-10-02 15:01
VLAI
EPSS
VEX
Title
SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -1
Summary
SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. An remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SPOTCAM CO., LTD. | SpotCam FHD 2 |
Affected:
1.0036
|
|
| spotcam_co_ltd | spotcam_fhd2 |
Affected:
1.0036
cpe:2.3:a:spotcam_co_ltd:spotcam_fhd2:*:*:*:*:*:*:*:* |
Date Public
2023-08-31 01:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7331-9099e-1.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:spotcam_co_ltd:spotcam_fhd2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "spotcam_fhd2",
"vendor": "spotcam_co_ltd",
"versions": [
{
"status": "affected",
"version": "1.0036"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T15:00:46.545506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:01:18.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SpotCam FHD 2",
"vendor": "SPOTCAM CO., LTD.",
"versions": [
{
"status": "affected",
"version": "1.0036"
}
]
}
],
"datePublic": "2023-08-31T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. An remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.\u003c/span\u003e\n\n"
}
],
"value": "\nSpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. An remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-28T03:14:20.410Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7331-9099e-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update firmware version to 1.0039 or later.\u0026nbsp;"
}
],
"value": "Update firmware version to 1.0039 or later.\u00a0"
}
],
"source": {
"advisory": "TVN-202308004",
"discovery": "EXTERNAL"
},
"title": "SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -1",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-38024",
"datePublished": "2023-08-28T03:14:20.410Z",
"dateReserved": "2023-07-12T00:37:03.716Z",
"dateUpdated": "2024-10-02T15:01:18.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}