Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream.
References
Link | Resource |
---|---|
https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf | Third Party Advisory |
https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf - Third Party Advisory |
Information
Published : 2018-04-24 06:29
Updated : 2024-11-21 03:41
NVD link : CVE-2018-10328
Mitre link : CVE-2018-10328
CVE.ORG link : CVE-2018-10328
JSON object : View
Products Affected
momentum
- momentum_axel_720p_firmware
- momentum_axel_720p
CWE
CWE-798
Use of Hard-coded Credentials