Vulnerabilities > CVE-2019-6973 - Unspecified vulnerability in Genivia Gsoap 2.8.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

genivia

exploit available

NVD

Published: 2019-03-21

Updated: 2020-08-24

Summary

Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.

Vulnerable Configurations

Part	Description	Count
Application	Genivia Genivia Gsoap 2.8.0	1
Hardware	Sricam Sricam Nvs001 - Sricam Sh016 - Sricam Sh024 - Sricam Sh026 - Sricam Sh027 - Sricam Sp007 - Sricam Sp008 - Sricam Sp009 - Sricam Sp012 - Sricam Sp015 - Sricam Sp017 - Sricam Sp018 - Sricam Sp019 - Sricam Sp020 - Sricam Sp023 -	15

Exploit-Db

file	exploits/hardware/dos/46261.sh
id	EDB-ID:46261
last seen	2019-01-28
modified	2019-01-28
platform	hardware
port	5000
published	2019-01-28
reporter	Exploit-DB
source	https://www.exploit-db.com/download/46261
title	Sricam gSOAP 2.8 - Denial of Service
type	dos

Packetstorm

data source	https://packetstormsecurity.com/files/download/151377/sricamgsoap28-dos.txt
id	PACKETSTORM:151377
last seen	2019-01-29
published	2019-01-29
reporter	Andrew Watson
source	https://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.html
title	Sricam gSOAP 2.8 Denial Of Service

Summary

Vulnerable Configurations

Exploit-Db

Packetstorm

References