VAR-201901-1595
Vulnerability from variot - Updated: 2024-11-23 21:37

A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device. The Practecol Guardzilla All-In-One Video Security System contains a vulnerability related to the use of hard-coded credentials. Information may be obtained. The Guardzilla All-In-One Video Security System is a home security platform that provides indoor video surveillance. There is a hard-coded credential vulnerability in the Guardzilla IoT camera: Amazon Simple Storage Service (S3) credentials are embedded in the Guardzilla Security Camera firmware. The embedded S3 credentials allow unrestricted viewing and downloading of any stored files and videos in the associated bucket. Once the password is obtained, any unauthenticated attacker can collect data from any affected system over the network. The affected component is the product's cloud-based storage system. An attacker could exploit this vulnerability to view the personal data of all Guardzilla users.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-1595",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gz521w",
"scope": "eq",
"trust": 1.0,
"vendor": "guardzilla",
"version": "*"
},
{
"model": "gz521w",
"scope": null,
"trust": 0.8,
"vendor": "guardzilla",
"version": null
},
{
"model": "gz521wb security video system",
"scope": null,
"trust": 0.6,
"vendor": "guardzilla",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00567"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014572"
},
{
"db": "NVD",
"id": "CVE-2018-5560"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:guardzilla:gz521w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014572"
}
]
},
"cve": "CVE-2018-5560",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-5560",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-00567",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-135591",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-5560",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@rapid7.com",
"availabilityImpact": "NONE",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-5560",
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-5560",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@rapid7.com",
"id": "CVE-2018-5560",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-5560",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-00567",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-1059",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-135591",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00567"
},
{
"db": "VULHUB",
"id": "VHN-135591"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014572"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-1059"
},
{
"db": "NVD",
"id": "CVE-2018-5560"
},
{
"db": "NVD",
"id": "CVE-2018-5560"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol\u0027s Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device. The Practecol Guardzilla All-In-One Video Security System contains a vulnerability related to the use of hard-coded credentials. Information may be obtained. The Guardzilla All-In-One Video Security System is a home security platform that provides indoor video surveillance. There is a hard-coded credential vulnerability in the Guardzilla IoT camera: Amazon Simple Storage Service (S3) credentials are embedded in the Guardzilla Security Camera firmware. The embedded S3 credentials allow unrestricted viewing and downloading of any stored files and videos in the associated bucket. Once the password is obtained, any unauthenticated attacker can collect data from any affected system over the network. The affected component is the product\u0027s cloud-based storage system. An attacker could exploit this vulnerability to view the personal data of all Guardzilla users.",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5560"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014572"
},
{
"db": "CNVD",
"id": "CNVD-2019-00567"
},
{
"db": "VULHUB",
"id": "VHN-135591"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5560",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014572",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-1059",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-00567",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-135591",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00567"
},
{
"db": "VULHUB",
"id": "VHN-135591"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014572"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-1059"
},
{
"db": "NVD",
"id": "CVE-2018-5560"
}
]
},
"id": "VAR-201901-1595",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00567"
},
{
"db": "VULHUB",
"id": "VHN-135591"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00567"
}
]
},
"last_update_date": "2024-11-23T21:37:43.177000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.guardzilla.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014572"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135591"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014572"
},
{
"db": "NVD",
"id": "CVE-2018-5560"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/"
},
{
"trust": 1.7,
"url": "https://blog.rapid7.com/2018/12/27/r7-2018-52-guardzilla-iot-video-camera-hard-coded-credential-cve-2018-5560/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5560"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5560"
},
{
"trust": 0.6,
"url": "http://0day5.com/archives/4512/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00567"
},
{
"db": "VULHUB",
"id": "VHN-135591"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014572"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-1059"
},
{
"db": "NVD",
"id": "CVE-2018-5560"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-00567"
},
{
"db": "VULHUB",
"id": "VHN-135591"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014572"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-1059"
},
{
"db": "NVD",
"id": "CVE-2018-5560"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00567"
},
{
"date": "2019-01-31T00:00:00",
"db": "VULHUB",
"id": "VHN-135591"
},
{
"date": "2019-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014572"
},
{
"date": "2019-01-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-1059"
},
{
"date": "2019-01-31T21:29:00.270000",
"db": "NVD",
"id": "CVE-2018-5560"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00567"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-135591"
},
{
"date": "2019-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014572"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-1059"
},
{
"date": "2024-11-21T04:09:03.990000",
"db": "NVD",
"id": "CVE-2018-5560"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-1059"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Practecol Guardzilla All-In-One Video Security System Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014572"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-1059"
}
],
"trust": 0.6
}
}