CVE-2021-26627

{"id": "CVE-2021-26627", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "vuln@krcert.or.kr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-04-19T21:15:12.807", "references": [{"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66663", "tags": ["Third Party Advisory"], "source": "vuln@krcert.or.kr"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "vuln@krcert.or.kr", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image."}, {"lang": "es", "value": "Una exposici\u00f3n de la informaci\u00f3n de las im\u00e1genes en tiempo real est\u00e1 causada por una autenticaci\u00f3n insuficiente del puerto RTSP activado. Esta vulnerabilidad podr\u00eda permitir a atacantes remotos enviar las peticiones RTSP usando el comando ffplay y conllevar a un filtrado de una imagen en vivo"}], "lastModified": "2022-04-27T18:10:35.383", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qcp:qcp200w_firmware:-:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "DF356B8D-9C64-4F10-861D-94CBA08B3652"}, {"criteria": "cpe:2.3:o:qcp:qcp200w_firmware:-:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "652A5975-0772-4FF8-A9CD-C2D4AD4568CD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qcp:qcp200w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "49EDED72-B064-40E3-AE16-279A5E1C7A81"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vuln@krcert.or.kr"}