Executive Summary
| Summary | |
|---|---|
| Title | Linksys WVC54GC wireless video camera vulnerable to information disclosure |
| Informations | |||
|---|---|---|---|
| Name | VU#528993 | First vendor Publication | 2008-12-05 |
| Vendor | VU-CERT | Last vendor Modification | 2008-12-05 |
| Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
Vulnerability Note VU#528993Linksys WVC54GC wireless video camera vulnerable to information disclosureOverviewThe Linksys WVC54GC wireless video camera insecurely sends initial configuration information over the network, which can allow a remote, unauthenticated attacker to intercept video streams, access wireless network authentication credentials, modify the device firmware, or cause a denial-of-service to the video camera.I. DescriptionThe Linksys WVC54GC wireless video camera uses 916/udp for remote management commands. When a certain packet is delivered to that port, the device responds with a packet that contains the majority of the device's configuration. This packet includes details such as username, password, wireless ssid, WEP key, WEP password, WPA key, and DNS server. This packet is sent over the network unencrypted, which can allow an attacker to obtain these details.II. ImpactBy delivering a specially crafted packet to 916/udp of an affected device, a remote, unauthenticated attacker may be able to obtain information to intercept video streams, access wireless network authentication credentials, modify the device firmware, or cause a denial-of-service to the video camera.III. SolutionApply an updateThis vulnerability is addressed in WVC54GC firmware version 1.25. Please see the release notes for more details.
References
Thanks to Andre Protas of eEye for reporting this vulnerability, who in turn also credits Greg Linares of eEye. This document was written by Will Dormann.
|
Original Source
| Url : http://www.kb.cert.org/vuls/id/528993 |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-37 | Lifting Data Embedded in Client Distributions |
| CAPEC-65 | Passively Sniff and Capture Application Code Bound for Authorized Client |
| CAPEC-102 | Session Sidejacking |
| CAPEC-117 | Data Interception Attacks |
| CAPEC-155 | Screen Temporary Files for Sensitive Information |
| CAPEC-157 | Sniffing Attacks |
| CAPEC-167 | Lifting Sensitive Data from the Client |
| CAPEC-204 | Lifting cached, sensitive data embedded in client distributions (thick or thin) |
| CAPEC-205 | Lifting credential(s)/key material embedded in client distributions (thick or... |
| CAPEC-258 | Passively Sniffing and Capturing Application Code Bound for an Authorized Cli... |
| CAPEC-259 | Passively Sniffing and Capturing Application Code Bound for an Authorized Cli... |
| CAPEC-260 | Passively Sniffing and Capturing Application Code Bound for an Authorized Cli... |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-319 | Cleartext Transmission of Sensitive Information |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 50630 | Linksys WVC54GC Setup Wizard Remote Management Command Remote Information Dis... |
