Vulnerabilities > CVE-2021-40378 - Missing Authorization vulnerability in Comprotech products

CVSS 8.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

comprotech

CWE-862

NVD

Published: 2021-09-01

Updated: 2021-09-10

Summary

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device.

Vulnerable Configurations

Part	Description	Count
OS	Comprotech Comprotech Ip70 Firmware 2.08_7130218 Comprotech Ip570 Firmware 2.08_7130520 Comprotech Ip60 Firmware - Comprotech Tn540 Firmware -	4
Hardware	Comprotech Comprotech Ip70 * Comprotech Ip570 * Comprotech Ip60 * Comprotech Tn540 *	4

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://github.com/icekam/0day/blob/main/Compro-Technology-Camera-has-multiple-vulnerabilities.md
http://packetstormsecurity.com/files/164024/Compro-Technology-IP-Camera-Denial-Of-Service.html