CVE-2024-31798

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

I

dentical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices

References

Link	Resource
https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p	Product
https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:gncchome:gncc_c2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:gncchome:_gncc_c2:-:*:*:*:*:*:*:*

History

16 Aug 2024, 13:59

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-15 17:15

Updated : 2024-08-16 13:59

NVD link : CVE-2024-31798

Mitre link : CVE-2024-31798

CVE.ORG link : CVE-2024-31798

JSON object : View

Products Affected

CWE

CWE-798

Use of Hard-coded Credentials

CWE-259

Use of Hard-coded Password

{"id": "CVE-2024-31798", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}]}, "published": "2024-08-15T17:15:17.013", "references": [{"url": "https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-259"}]}], "descriptions": [{"lang": "en", "value": "Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices"}, {"lang": "es", "value": " La contrase\u00f1a root id\u00e9ntica codificada para todos los dispositivos en GNCC's GC2 Indoor Security Camera 1080P permite a un atacante con acceso f\u00edsico recuperar la contrase\u00f1a de root para todos los dispositivos similares"}], "lastModified": "2024-08-16T13:59:00.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gncchome:gncc_c2_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD479C7A-72DD-4266-B7D6-730ED8D9F3C7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gncchome:_gncc_c2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8F1C15B-9990-41D5-96DE-E3E8FD1D7A68"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}