Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-25 | CVE-2017-8225 | Insufficiently Protected Credentials vulnerability in Wificam Wireless IP Camera (P2P) Firmware. On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. | network, low complexity, wificam, CWE-522, critical, 9.8 |
| 2017-04-25 | CVE-2017-8224 | Use of Hard-coded Credentials vulnerability in Wificam Wireless IP Camera (P2P) Firmware. Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET. | network, low complexity, wificam, CWE-798, critical, 9.8 |
| 2017-04-25 | CVE-2017-8223 | Improper Authentication vulnerability in Wificam Wireless IP Camera (P2P) Firmware. On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0. | network, low complexity, wificam, CWE-287, 7.5 |
| 2017-04-25 | CVE-2017-8222 | Insufficiently Protected Credentials vulnerability in Wificam Wireless IP Camera (P2P) Firmware. Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information. | network, low complexity, wificam, CWE-522, 7.5 |
| 2017-04-25 | CVE-2017-8221 | Missing Encryption of Sensitive Data vulnerability in Wificam Wireless IP Camera (P2P) Firmware. Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the network. | network, low complexity, wificam, CWE-311, 7.5 |
| 2017-04-25 | CVE-2017-8220 | OS Command Injection vulnerability in Tp-Link C20I Firmware and C2 Firmware. TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data. | network, low complexity, tp-link, CWE-78, critical, 9.9 |
| 2017-04-25 | CVE-2017-8219 | Improper Input Validation vulnerability in Tp-Link C20I Firmware and C2 Firmware. TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI. | network, low complexity, tp-link, CWE-20, 6.5 |
| 2017-04-25 | CVE-2017-8218 | Insecure Default Initialization of Resource vulnerability in Tp-Link C20I Firmware and C2 Firmware. vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password. | network, low complexity, tp-link, CWE-1188, critical, 9.8 |
| 2017-04-25 | CVE-2017-8217 | Missing Authorization vulnerability in Tp-Link C20I Firmware and C2 Firmware. TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. | network, low complexity, tp-link, CWE-862, 5.3 |
| 2017-04-25 | CVE-2017-8115 | Path Traversal vulnerability in Modx Revolution 2.5.7. Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information. | network, low complexity, modx, CWE-22, 5.3 |