CVE-2024-5633

{"id": "CVE-2024-5633", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "cvd@cert.pl"}], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 7.5, "automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-07-09T11:15:16.157", "references": [{"url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/", "source": "cvd@cert.pl"}, {"url": "https://cert.pl/posts/2024/07/CVE-2024-5631/", "source": "cvd@cert.pl"}, {"url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01", "source": "cvd@cert.pl"}, {"url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert.pl/posts/2024/07/CVE-2024-5631/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-912"}]}], "descriptions": [{"lang": "en", "value": "Longse model\u00a0LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports.\u00a0\nAn attacker with a knowledge of the available commands is able to perform read/write operations on the device's memory, which might result in e.g. bypassing telnet login and obtaining full access to the device."}, {"lang": "es", "value": " Las c\u00e1maras Longse modelo LBH30FE200W, as\u00ed como los productos basados en este dispositivo, proporcionan acceso ilimitado a un atacante ubicado en la misma red local a un servicio binario no documentado CoolView en uno de los puertos. Un atacante con conocimiento de los comandos disponibles puede realizar operaciones de lectura/escritura en la memoria del dispositivo, lo que podr\u00eda dar como resultado, por ejemplo, eludir el inicio de sesi\u00f3n de telnet y obtener acceso completo al dispositivo."}], "lastModified": "2024-11-21T09:48:03.483", "sourceIdentifier": "cvd@cert.pl"}