Vstarcam
Products
7- 6 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10661 | Cri | 0.74 | 9.8 | 0.87 | Jun 26, 2018 | An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control. | ||
| CVE-2018-10662 | Cri | 0.73 | 9.8 | 0.80 | Jun 26, 2018 | An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. | ||
| CVE-2017-5674 | Cri | 0.65 | 9.8 | 0.22 | Mar 13, 2017 | A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will… | ||
| CVE-2018-11653 | Cri | 0.64 | 9.8 | 0.02 | Aug 24, 2018 | Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password. | ||
| CVE-2018-11654 | Hig | 0.49 | 7.5 | 0.02 | Aug 24, 2018 | Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device. | ||
| CVE-2023-39509 | 0.00 | — | 0.01 | Dec 18, 2023 | A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. | |||
| CVE-2019-10958 | 0.00 | — | 0.03 | Jan 17, 2020 | Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. | |||
| CVE-2019-12289 | 0.00 | — | 0.02 | May 23, 2019 | An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files… | |||
| CVE-2019-12288 | 0.00 | — | 0.02 | May 23, 2019 | An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve… | |||
| CVE-2019-11014 | 0.00 | — | 0.02 | Apr 8, 2019 | The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the… |
- risk 0.74cvss 9.8epss 0.87
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
- risk 0.73cvss 9.8epss 0.80
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
- risk 0.65cvss 9.8epss 0.22
A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will…
- risk 0.64cvss 9.8epss 0.02
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password.
- risk 0.49cvss 7.5epss 0.02
Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device.
- CVE-2023-39509Dec 18, 2023risk 0.00cvss —epss 0.01
A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera.
- CVE-2019-10958Jan 17, 2020risk 0.00cvss —epss 0.03
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root.
- CVE-2019-12289May 23, 2019risk 0.00cvss —epss 0.02
An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files…
- CVE-2019-12288May 23, 2019risk 0.00cvss —epss 0.02
An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve…
- CVE-2019-11014Apr 8, 2019risk 0.00cvss —epss 0.02
The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the…