Vulnerability-Lookup

CNVD-2019-42573

Vulnerability from cnvd - Published: 2019-11-28

Title

ZTE C520V21身份验证错误漏洞

Description

ZTE C520V21是中国中兴通讯（ZTE）公司的一款智能网络摄像头。 ZTE C520V21 2.1.14及之前版本中存在身份验证错误漏洞，攻击者可利用该漏洞访问已授权浏览器中的Web服务并执行操作。

Severity

中

Patch Name

ZTE C520V21身份验证错误漏洞的补丁

Patch Description

ZTE C520V21是中国中兴通讯（ZTE）公司的一款智能网络摄像头。 ZTE C520V21 2.1.14及之前版本中存在身份验证错误漏洞，攻击者可利用该漏洞访问已授权浏览器中的Web服务并执行操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-3424

Impacted products

Name
ZTE C520V21 <=2.1.14

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-3424"
    }
  },
  "description": "ZTE C520V21\u662f\u4e2d\u56fd\u4e2d\u5174\u901a\u8baf\uff08ZTE\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u7f51\u7edc\u6444\u50cf\u5934\u3002\n\nZTE C520V21 2.1.14\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u5df2\u6388\u6743\u6d4f\u89c8\u5668\u4e2d\u7684Web\u670d\u52a1\u5e76\u6267\u884c\u64cd\u4f5c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-42573",
  "openTime": "2019-11-28",
  "patchDescription": "ZTE C520V21\u662f\u4e2d\u56fd\u4e2d\u5174\u901a\u8baf\uff08ZTE\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u7f51\u7edc\u6444\u50cf\u5934\u3002\r\n\r\nZTE C520V21 2.1.14\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u5df2\u6388\u6743\u6d4f\u89c8\u5668\u4e2d\u7684Web\u670d\u52a1\u5e76\u6267\u884c\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ZTE C520V21\u8eab\u4efd\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "ZTE C520V21 \u003c=2.1.14"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-3424",
  "serverity": "\u4e2d",
  "submitTime": "2019-11-19",
  "title": "ZTE C520V21\u8eab\u4efd\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2019-3424 (GCVE-0-2019-3424)

Vulnerability from cvelistv5 – Published: 2019-11-18 18:20 – Updated: 2024-08-04 19:12

Summary

authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations.

Severity ?

No CVSS data available.

CWE

Authentication Issues

Assigner

zte

References

URL

Tags

http://support.zte.com.cn/support/news/LoopholeIn…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	ZTE Corporation	C520V21	Affected: All versions up to V2.1.14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:12:09.281Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "C520V21",
          "vendor": "ZTE Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All versions up to V2.1.14"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication Issues",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-18T18:20:23.000Z",
        "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "shortName": "zte"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@zte.com.cn",
          "ID": "CVE-2019-3424",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "C520V21",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions up to V2.1.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ZTE Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authentication Issues"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842",
              "refsource": "CONFIRM",
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011842"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
    "assignerShortName": "zte",
    "cveId": "CVE-2019-3424",
    "datePublished": "2019-11-18T18:20:23.000Z",
    "dateReserved": "2018-12-31T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:12:09.281Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-42573

CVE-2019-3424 (GCVE-0-2019-3424)

Tags

Sightings

Nomenclature