CVE-2019-12919

{"id": "CVE-2019-12919", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-06-20T19:15:10.057", "references": [{"url": "https://www.exploit-db.com/exploits/46993", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/46993", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved on the external memory card attached to the device."}, {"lang": "es", "value": "En los dispositivos DOG-2W y DOG-2W-V4 de la c\u00e1mara inteligente de Shenzhen Cylan Clever Dog, un atacante en la red local tiene acceso no autenticado a la tarjeta SD interna a trav\u00e9s del servicio HTTP en el puerto 8000. El servidor web HTTP de la c\u00e1mara permite que cualquiera pueda vea o descargue el archivo de video grabado y guardado en la tarjeta de memoria externa adjunta al dispositivo."}], "lastModified": "2024-11-21T04:23:49.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cylan:clever_dog_smart_camera_panorama_dog-2w_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D25D56F-C8B8-42CF-B310-3B33010FCA17"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cylan:clever_dog_smart_camera_panorama_dog-2w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0ECA19E7-08C4-426F-A304-6225937C57B3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cylan:clever_dog_smart_camera_plus_dog-2w-v4_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78A2FB49-150A-4279-B0B5-71EE0C488A25"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cylan:clever_dog_smart_camera_plus_dog-2w-v4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C2667CF6-E8A4-4EFB-A13B-18437A460EC6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}