VYPR
Vendor

Vstarcam

Products
7
CVEs
10
Across products
12
Status
Private

Products

7

Recent CVEs

10
  • CVE-2018-10661CriJun 26, 2018
    risk 0.74cvss 9.8epss 0.87

    An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.

  • CVE-2018-10662CriJun 26, 2018
    risk 0.73cvss 9.8epss 0.80

    An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.

  • CVE-2017-5674CriMar 13, 2017
    risk 0.65cvss 9.8epss 0.22

    A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will…

  • CVE-2018-11653CriAug 24, 2018
    risk 0.64cvss 9.8epss 0.02

    Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password.

  • CVE-2018-11654HigAug 24, 2018
    risk 0.49cvss 7.5epss 0.02

    Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device.

  • CVE-2023-39509Dec 18, 2023
    risk 0.00cvss epss 0.01

    A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera.

  • CVE-2019-10958Jan 17, 2020
    risk 0.00cvss epss 0.03

    Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root.

  • CVE-2019-12289May 23, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files…

  • CVE-2019-12288May 23, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve…

  • CVE-2019-11014Apr 8, 2019
    risk 0.00cvss epss 0.02

    The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the…