Vulnerabilities > CVE-2019-20466 - Use of Password Hash With Insufficient Computational Effort vulnerability in Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 Firmware

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

sannce

CWE-916

NVD

Published: 2021-04-02

Updated: 2021-04-08

Summary

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device.

Vulnerable Configurations

Part	Description	Count
OS	Sannce Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 Firmware -	1
Hardware	Sannce Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 -	1

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

https://www.eurofins-cybersecurity.com/news/connected-devices-baby-monitors-part-2/