CVE-2024-31800

Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:gncchome:gncc_c2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:gncchome:_gncc_c2:-:*:*:*:*:*:*:*

History

30 Oct 2024, 20:35

Type Values Removed Values Added
CWE CWE-522

16 Aug 2024, 13:37

Type Values Removed Values Added
First Time Gncchome gncc C2 Firmware
Gncchome Gncc C2
Gncchome
CWE CWE-287
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.8
CPE cpe:2.3:o:gncchome:gncc_c2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:gncchome:_gncc_c2:-:*:*:*:*:*:*:*
Summary
  • (es) La omisión de autenticación en GNCC's GC2 Indoor Security Camera 1080P permite a un atacante con acceso físico obtener un shell de comando privilegiado a través del puerto de depuración UART.
References () https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p - () https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p - Product
References () https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001 - () https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001 - Exploit, Third Party Advisory

15 Aug 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-15 17:15

Updated : 2024-10-30 20:35


NVD link : CVE-2024-31800

Mitre link : CVE-2024-31800

CVE.ORG link : CVE-2024-31800


JSON object : View

Products Affected

gncchome

  • _gncc_c2
  • gncc_c2_firmware
CWE
CWE-287

Improper Authentication

CWE-522

Insufficiently Protected Credentials