Find a vulnerability
Search criteria
5 vulnerabilities by sannce
VAR-202104-0039
Vulnerability from variot - Updated: 2025-01-30 22:11An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scanner. For example, sending the 111111 string to UDP port 20188 causes a reboot. To deny service for a long time period, the crafted IP traffic may be sent periodically.
[VulnerabilityType Other] Denial of Service due to incorrect error handling
[Vendor of Product] Sannce
[Affected Product Code Base] Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317
[Affected Component] Webserver, custom UDP handling binary.
[Attack Type] Remote
[Impact Denial of Service] true
[Attack Vectors] Any attacker capable of reaching the device with a network packet is capable of causing a DoS.
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation.
[Reference] https://www.sannce.com
Use CVE-2019-20463
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart hd wifi security camera ean 2 950004 595317",
"scope": "eq",
"trust": 1.8,
"vendor": "sannce",
"version": null
},
{
"model": "smart hd wifi security camera ean 2 950004 595317",
"scope": "eq",
"trust": 0.8,
"vendor": "sannce",
"version": "smart hd wifi security camera ean 2 950004 595317 firmware"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005184"
},
{
"db": "NVD",
"id": "CVE-2019-20463"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Willem Westerhof | Secura",
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.1
},
"cve": "CVE-2019-20463",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-20463",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-20463",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-20463",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20463",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-20463",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-102",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-20463",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-20463"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005184"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-102"
},
{
"db": "NVD",
"id": "CVE-2019-20463"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scanner. For example, sending the 111111 string to UDP port 20188 causes a reboot. To deny service for a long time period, the crafted IP traffic may be sent periodically. \n\n------------------------------------------\n\n[VulnerabilityType Other]\nDenial of Service due to incorrect error handling\n\n------------------------------------------\n\n[Vendor of Product]\nSannce\n\n------------------------------------------\n\n[Affected Product Code Base]\nSannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317\n\n------------------------------------------\n\n[Affected Component]\nWebserver, custom UDP handling binary. \n\n------------------------------------------\n\n[Attack Type]\nRemote\n\n------------------------------------------\n\n[Impact Denial of Service]\ntrue\n\n------------------------------------------\n\n[Attack Vectors]\nAny attacker capable of reaching the device with a network packet is capable of causing a DoS. \n\n------------------------------------------\n\n[Has vendor confirmed or acknowledged the vulnerability?]\ntrue\n\n------------------------------------------\n\n[Discoverer]\nWillem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation. \n\n------------------------------------------\n\n[Reference]\nhttps://www.sannce.com\n\nUse CVE-2019-20463",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20463"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005184"
},
{
"db": "VULMON",
"id": "CVE-2019-20463"
},
{
"db": "PACKETSTORM",
"id": "179812"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20463",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005184",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202104-102",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-20463",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179812",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2019-20463"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005184"
},
{
"db": "PACKETSTORM",
"id": "179812"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-102"
},
{
"db": "NVD",
"id": "CVE-2019-20463"
}
]
},
"id": "VAR-202104-0039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"last_update_date": "2025-01-30T22:11:00.576000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.sannce.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005184"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005184"
},
{
"db": "NVD",
"id": "CVE-2019-20463"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-baby-monitors-part-2/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20463"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2024/jul/14"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.sannce.com"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-20463"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005184"
},
{
"db": "PACKETSTORM",
"id": "179812"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-102"
},
{
"db": "NVD",
"id": "CVE-2019-20463"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2019-20463"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005184"
},
{
"db": "PACKETSTORM",
"id": "179812"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-102"
},
{
"db": "NVD",
"id": "CVE-2019-20463"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-26T13:11:06",
"db": "OTHER",
"id": null
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20463"
},
{
"date": "2021-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-005184"
},
{
"date": "2024-07-30T12:35:43",
"db": "PACKETSTORM",
"id": "179812"
},
{
"date": "2021-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-102"
},
{
"date": "2021-04-02T16:15:12.977000",
"db": "NVD",
"id": "CVE-2019-20463"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20463"
},
{
"date": "2021-12-09T05:34:00",
"db": "JVNDB",
"id": "JVNDB-2021-005184"
},
{
"date": "2021-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-102"
},
{
"date": "2024-11-21T04:38:32.493000",
"db": "NVD",
"id": "CVE-2019-20463"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-102"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sannce\u00a0Smart\u00a0HD\u00a0Wifi\u00a0Security\u00a0Camera\u00a0EAN\u00a02\u00a0950004\u00a0595317\u00a0 Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005184"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-102"
}
],
"trust": 0.6
}
}
VAR-202107-0029
Vulnerability from variot - Updated: 2025-01-30 21:08An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. The device by default has a TELNET interface available (which is not advertised or functionally used, but is nevertheless available). Two backdoor accounts (root and default) exist that can be used on this interface. The usernames and passwords of the backdoor accounts are the same on all devices. Attackers can use these backdoor accounts to obtain access and execute code as root within the device. (DoS) It may be in a state.
[Vulnerability Type] Incorrect Access Control
[Vendor of Product] Sannce
[Affected Product Code Base] Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317
[Affected Component] Telnet daemon
[Attack Type] Local
[Impact Code execution] true
[Attack Vectors] Anyone with network access to the device can trigger this vulnerability.
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation.
[Reference] https://www.sannce.com
Use CVE-2019-20467
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0029",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart hd wifi security camera ean 2 950004 595317",
"scope": "eq",
"trust": 1.8,
"vendor": "sannce",
"version": null
},
{
"model": "smart hd wifi security camera ean 2 950004 595317",
"scope": "eq",
"trust": 0.8,
"vendor": "sannce",
"version": "smart hd wifi security camera ean 2 950004 595317 firmware"
},
{
"model": "smart hd wifi security camera ean 2 950004 595317",
"scope": null,
"trust": 0.8,
"vendor": "sannce",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010332"
},
{
"db": "NVD",
"id": "CVE-2019-20467"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Willem Westerhof | Secura",
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.1
},
"cve": "CVE-2019-20467",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-20467",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-20467",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-20467",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20467",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-20467",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1748",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010332"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1748"
},
{
"db": "NVD",
"id": "CVE-2019-20467"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. The device by default has a TELNET interface available (which is not advertised or functionally used, but is nevertheless available). Two backdoor accounts (root and default) exist that can be used on this interface. The usernames and passwords of the backdoor accounts are the same on all devices. Attackers can use these backdoor accounts to obtain access and execute code as root within the device. (DoS) It may be in a state. \n\n------------------------------------------\n\n[Vulnerability Type]\nIncorrect Access Control\n\n------------------------------------------\n\n[Vendor of Product]\nSannce\n\n------------------------------------------\n\n[Affected Product Code Base]\nSannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317\n\n------------------------------------------\n\n[Affected Component]\nTelnet daemon\n\n------------------------------------------\n\n[Attack Type]\nLocal\n\n------------------------------------------\n\n[Impact Code execution]\ntrue\n\n------------------------------------------\n\n[Attack Vectors]\nAnyone with network access to the device can trigger this vulnerability. \n\n------------------------------------------\n\n[Has vendor confirmed or acknowledged the vulnerability?]\ntrue\n\n------------------------------------------\n\n[Discoverer]\nWillem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation. \n\n------------------------------------------\n\n[Reference]\nhttps://www.sannce.com\n\nUse CVE-2019-20467",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20467"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010332"
},
{
"db": "VULMON",
"id": "CVE-2019-20467"
},
{
"db": "PACKETSTORM",
"id": "179816"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20467",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010332",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1748",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-20467",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179816",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2019-20467"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010332"
},
{
"db": "PACKETSTORM",
"id": "179816"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1748"
},
{
"db": "NVD",
"id": "CVE-2019-20467"
}
]
},
"id": "VAR-202107-0029",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"last_update_date": "2025-01-30T21:08:59.222000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.sannce.com"
},
{
"title": "Sannce Smart HD Wifi Security Camera Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157698"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010332"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1748"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010332"
},
{
"db": "NVD",
"id": "CVE-2019-20467"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-baby-monitors-part-2/"
},
{
"trust": 1.8,
"url": "https://www.sannce.com"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20467"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2024/jul/14"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-20467"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010332"
},
{
"db": "PACKETSTORM",
"id": "179816"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1748"
},
{
"db": "NVD",
"id": "CVE-2019-20467"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2019-20467"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010332"
},
{
"db": "PACKETSTORM",
"id": "179816"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1748"
},
{
"db": "NVD",
"id": "CVE-2019-20467"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-26T13:11:06",
"db": "OTHER",
"id": null
},
{
"date": "2021-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20467"
},
{
"date": "2022-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-010332"
},
{
"date": "2024-07-30T12:35:43",
"db": "PACKETSTORM",
"id": "179816"
},
{
"date": "2021-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1748"
},
{
"date": "2021-07-22T13:15:08.027000",
"db": "NVD",
"id": "CVE-2019-20467"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20467"
},
{
"date": "2022-06-29T06:05:00",
"db": "JVNDB",
"id": "JVNDB-2021-010332"
},
{
"date": "2021-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1748"
},
{
"date": "2024-07-30T01:15:10.893000",
"db": "NVD",
"id": "CVE-2019-20467"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1748"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sannce\u00a0Smart\u00a0HD\u00a0Wifi\u00a0Security\u00a0Camera\u00a0EAN\u00a02\u00a0950004\u00a0595317\u00a0 Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010332"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1748"
}
],
"trust": 0.6
}
}
VAR-202104-0042
Vulnerability from variot - Updated: 2025-01-30 20:59An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device.
[Vulnerability Type] Insecure Permissions
[Vendor of Product] Sannce
[Affected Product Code Base] Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317
[Affected Component] Root user through file /etc/passwd
[Attack Type] Local
[Impact Escalation of Privileges] true
[Attack Vectors] To exploit the vulnerability, someone must be able to get local presence on the device. e.g. through command injection or by using the telnet interface as a low-privileged user.
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation.
[Reference] https://www.sannce.com
Use CVE-2019-20466
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0042",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart hd wifi security camera ean 2 950004 595317",
"scope": "eq",
"trust": 1.8,
"vendor": "sannce",
"version": null
},
{
"model": "smart hd wifi security camera ean 2 950004 595317",
"scope": "eq",
"trust": 0.8,
"vendor": "sannce",
"version": "smart hd wifi security camera ean 2 950004 595317 firmware"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005175"
},
{
"db": "NVD",
"id": "CVE-2019-20466"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Willem Westerhof | Secura",
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.1
},
"cve": "CVE-2019-20466",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-20466",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-20466",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-20466",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20466",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2019-20466",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-20466",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-099",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-20466",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-20466"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005175"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-099"
},
{
"db": "NVD",
"id": "CVE-2019-20466"
},
{
"db": "NVD",
"id": "CVE-2019-20466"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the \"default\" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device. \n\n------------------------------------------\n\n[Vulnerability Type]\nInsecure Permissions\n\n------------------------------------------\n\n[Vendor of Product]\nSannce\n\n------------------------------------------\n\n[Affected Product Code Base]\nSannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317\n\n------------------------------------------\n\n[Affected Component]\nRoot user through file /etc/passwd\n\n------------------------------------------\n\n[Attack Type]\nLocal\n\n------------------------------------------\n\n[Impact Escalation of Privileges]\ntrue\n\n------------------------------------------\n\n[Attack Vectors]\nTo exploit the vulnerability, someone must be able to get local\npresence on the device. e.g. through command injection or by using the\ntelnet interface as a low-privileged user. \n\n------------------------------------------\n\n[Has vendor confirmed or acknowledged the vulnerability?]\ntrue\n\n------------------------------------------\n\n[Discoverer]\nWillem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation. \n\n------------------------------------------\n\n[Reference]\nhttps://www.sannce.com\n\nUse CVE-2019-20466",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20466"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005175"
},
{
"db": "VULMON",
"id": "CVE-2019-20466"
},
{
"db": "PACKETSTORM",
"id": "179815"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20466",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005175",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202104-099",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-20466",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179815",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2019-20466"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005175"
},
{
"db": "PACKETSTORM",
"id": "179815"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-099"
},
{
"db": "NVD",
"id": "CVE-2019-20466"
}
]
},
"id": "VAR-202104-0042",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"last_update_date": "2025-01-30T20:59:12.592000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.sannce.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005175"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-916",
"trust": 1.0
},
{
"problemtype": "Using weak password hashes (CWE-916) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005175"
},
{
"db": "NVD",
"id": "CVE-2019-20466"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-baby-monitors-part-2/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20466"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2024/jul/14"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/916.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.sannce.com"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-20466"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005175"
},
{
"db": "PACKETSTORM",
"id": "179815"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-099"
},
{
"db": "NVD",
"id": "CVE-2019-20466"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2019-20466"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005175"
},
{
"db": "PACKETSTORM",
"id": "179815"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-099"
},
{
"db": "NVD",
"id": "CVE-2019-20466"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-26T13:11:06",
"db": "OTHER",
"id": null
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20466"
},
{
"date": "2021-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-005175"
},
{
"date": "2024-07-30T12:35:43",
"db": "PACKETSTORM",
"id": "179815"
},
{
"date": "2021-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-099"
},
{
"date": "2021-04-02T16:15:13.193000",
"db": "NVD",
"id": "CVE-2019-20466"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20466"
},
{
"date": "2021-12-09T03:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-005175"
},
{
"date": "2021-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-099"
},
{
"date": "2024-11-21T04:38:32.987000",
"db": "NVD",
"id": "CVE-2019-20466"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "179815"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-099"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sannce\u00a0Smart\u00a0HD\u00a0Wifi\u00a0Security\u00a0Camera\u00a0EAN\u00a02\u00a0950004\u00a0595317\u00a0 Vulnerability in using weak password hashes on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005175"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-099"
}
],
"trust": 0.6
}
}
VAR-202104-0040
Vulnerability from variot - Updated: 2025-01-30 20:48An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating.
[Vulnerability Type] Incorrect Access Control
[Vendor of Product] Sannce
[Affected Product Code Base] Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317
[Affected Component] Videostream of camera
[Attack Type] Remote
[Impact Escalation of Privileges] true
[Impact Information Disclosure] true
[Attack Vectors] An attacker simply needs to be able to connect to the device over the network.
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation.
[Reference] https://www.sannce.com
Use CVE-2019-20464
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart hd wifi security camera ean 2 950004 595317",
"scope": "eq",
"trust": 1.8,
"vendor": "sannce",
"version": null
},
{
"model": "smart hd wifi security camera ean 2 950004 595317",
"scope": "eq",
"trust": 0.8,
"vendor": "sannce",
"version": "smart hd wifi security camera ean 2 950004 595317 firmware"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005183"
},
{
"db": "NVD",
"id": "CVE-2019-20464"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Willem Westerhof | Secura",
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.1
},
"cve": "CVE-2019-20464",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-20464",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-20464",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-20464",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20464",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2019-20464",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-20464",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-101",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-20464",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-20464"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005183"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-101"
},
{
"db": "NVD",
"id": "CVE-2019-20464"
},
{
"db": "NVD",
"id": "CVE-2019-20464"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating. \n\n------------------------------------------\n\n[Vulnerability Type]\nIncorrect Access Control\n\n------------------------------------------\n\n[Vendor of Product]\nSannce\n\n------------------------------------------\n\n[Affected Product Code Base]\nSannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317\n\n------------------------------------------\n\n[Affected Component]\nVideostream of camera\n\n------------------------------------------\n\n[Attack Type]\nRemote\n\n------------------------------------------\n\n[Impact Escalation of Privileges]\ntrue\n\n------------------------------------------\n\n[Impact Information Disclosure]\ntrue\n\n------------------------------------------\n\n[Attack Vectors]\nAn attacker simply needs to be able to connect to the device over the network. \n\n------------------------------------------\n\n[Has vendor confirmed or acknowledged the vulnerability?]\ntrue\n\n------------------------------------------\n\n[Discoverer]\nWillem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation. \n\n------------------------------------------\n\n[Reference]\nhttps://www.sannce.com\n\nUse CVE-2019-20464",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20464"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005183"
},
{
"db": "VULMON",
"id": "CVE-2019-20464"
},
{
"db": "PACKETSTORM",
"id": "179813"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20464",
"trust": 3.6
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005183",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202104-101",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-20464",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179813",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2019-20464"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005183"
},
{
"db": "PACKETSTORM",
"id": "179813"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-101"
},
{
"db": "NVD",
"id": "CVE-2019-20464"
}
]
},
"id": "VAR-202104-0040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "OTHER",
"id": null
}
],
"trust": 0.02
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T20:48:01.478000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.sannce.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005183"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Improper authentication (CWE-287) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005183"
},
{
"db": "NVD",
"id": "CVE-2019-20464"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-baby-monitors-part-2/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20464"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2024/jul/14"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.sannce.com"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2019-20464"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005183"
},
{
"db": "PACKETSTORM",
"id": "179813"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-101"
},
{
"db": "NVD",
"id": "CVE-2019-20464"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2019-20464"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005183"
},
{
"db": "PACKETSTORM",
"id": "179813"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-101"
},
{
"db": "NVD",
"id": "CVE-2019-20464"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-26T13:11:06",
"db": "OTHER",
"id": null
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20464"
},
{
"date": "2021-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-005183"
},
{
"date": "2024-07-30T12:35:43",
"db": "PACKETSTORM",
"id": "179813"
},
{
"date": "2021-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-101"
},
{
"date": "2021-04-02T16:15:13.053000",
"db": "NVD",
"id": "CVE-2019-20464"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20464"
},
{
"date": "2021-12-09T05:27:00",
"db": "JVNDB",
"id": "JVNDB-2021-005183"
},
{
"date": "2021-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-101"
},
{
"date": "2024-11-21T04:38:32.650000",
"db": "NVD",
"id": "CVE-2019-20464"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-101"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sannce\u00a0Smart\u00a0HD\u00a0Wifi\u00a0Security\u00a0Camera\u00a0EAN\u00a02\u00a0950004\u00a0595317\u00a0 Authentication vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005183"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-101"
}
],
"trust": 0.6
}
}
VAR-202104-0041
Vulnerability from variot - Updated: 2025-01-30 19:46An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible (using TELNET without a password) to control the camera's pan/zoom/tilt functionality.
[Vulnerability Type] Incorrect Access Control
[Vendor of Product] Sannce
[Affected Product Code Base] Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317
[Affected Component] Videostream of camera
[Attack Type] Remote
[Impact Escalation of Privileges] true
[Impact Information Disclosure] true
[Attack Vectors] An attacker simply needs to be able to connect to the device over the network.
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation.
[Reference] https://www.sannce.com
Use CVE-2019-20465
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0041",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart hd wifi security camera ean 2 950004 595317",
"scope": "eq",
"trust": 1.8,
"vendor": "sannce",
"version": null
},
{
"model": "smart hd wifi security camera ean 2 950004 595317",
"scope": "eq",
"trust": 0.8,
"vendor": "sannce",
"version": "smart hd wifi security camera ean 2 950004 595317 firmware"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005180"
},
{
"db": "NVD",
"id": "CVE-2019-20465"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Willem Westerhof | Secura",
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.1
},
"cve": "CVE-2019-20465",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-20465",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-20465",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-20465",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20465",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-20465",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-100",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-20465",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-20465"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005180"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-100"
},
{
"db": "NVD",
"id": "CVE-2019-20465"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible (using TELNET without a password) to control the camera\u0027s pan/zoom/tilt functionality. \n\n------------------------------------------\n\n[Vulnerability Type]\nIncorrect Access Control\n\n------------------------------------------\n\n[Vendor of Product]\nSannce\n\n------------------------------------------\n\n[Affected Product Code Base]\nSannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317\n\n------------------------------------------\n\n[Affected Component]\nVideostream of camera\n\n------------------------------------------\n\n[Attack Type]\nRemote\n\n------------------------------------------\n\n[Impact Escalation of Privileges]\ntrue\n\n------------------------------------------\n\n[Impact Information Disclosure]\ntrue\n\n------------------------------------------\n\n[Attack Vectors]\nAn attacker simply needs to be able to connect to the device over the network. \n\n------------------------------------------\n\n[Has vendor confirmed or acknowledged the vulnerability?]\ntrue\n\n------------------------------------------\n\n[Discoverer]\nWillem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation. \n\n------------------------------------------\n\n[Reference]\nhttps://www.sannce.com\n\nUse CVE-2019-20465",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20465"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005180"
},
{
"db": "VULMON",
"id": "CVE-2019-20465"
},
{
"db": "PACKETSTORM",
"id": "179814"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20465",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005180",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202104-100",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-20465",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179814",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2019-20465"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005180"
},
{
"db": "PACKETSTORM",
"id": "179814"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-100"
},
{
"db": "NVD",
"id": "CVE-2019-20465"
}
]
},
"id": "VAR-202104-0041",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"last_update_date": "2025-01-30T19:46:34.680000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.sannce.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005180"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005180"
},
{
"db": "NVD",
"id": "CVE-2019-20465"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-baby-monitors-part-2/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20465"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2024/jul/14"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.sannce.com"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-20465"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005180"
},
{
"db": "PACKETSTORM",
"id": "179814"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-100"
},
{
"db": "NVD",
"id": "CVE-2019-20465"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2019-20465"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005180"
},
{
"db": "PACKETSTORM",
"id": "179814"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-100"
},
{
"db": "NVD",
"id": "CVE-2019-20465"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-26T13:11:06",
"db": "OTHER",
"id": null
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20465"
},
{
"date": "2021-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-005180"
},
{
"date": "2024-07-30T12:35:43",
"db": "PACKETSTORM",
"id": "179814"
},
{
"date": "2021-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-100"
},
{
"date": "2021-04-02T16:15:13.133000",
"db": "NVD",
"id": "CVE-2019-20465"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20465"
},
{
"date": "2021-12-09T05:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-005180"
},
{
"date": "2021-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-100"
},
{
"date": "2024-11-21T04:38:32.850000",
"db": "NVD",
"id": "CVE-2019-20465"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-100"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sannce\u00a0Smart\u00a0HD\u00a0Wifi\u00a0Security\u00a0Camera\u00a0EAN\u00a02\u00a0950004\u00a0595317\u00a0 Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005180"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-100"
}
],
"trust": 0.6
}
}