CVE-2017-17101 — CRITICAL (9.8)

Vulnerability Description

An issue was discovered in Apexis APM-H803-MPC software, as used with many different models of IP Camera. An unprotected CGI method inside the web application permits an unauthenticated user to bypass the login screen and access the webcam contents including: live video stream, configuration files with all the passwords, system information, and much more. With this vulnerability, anyone can access to a vulnerable webcam with 'super admin' privilege.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apexis	Apm-H803-Mpc Firmware	1.1.2.69
Apexis	Apm-H803-Mpc	-

References

https://youtu.be/B75C13Zw35YExploitThird Party Advisory
https://youtu.be/B75C13Zw35YExploitThird Party Advisory

FAQ

What is CVE-2017-17101?

CVE-2017-17101 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Apexis APM-H803-MPC software, as used with many different models of IP Camera. An unprotected CGI method inside the web application permits an unauthenticated user to bypass...

How severe is CVE-2017-17101?

CVE-2017-17101 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-17101?

Check the references section above for vendor advisories and patch information. Affected products include: Apexis Apm-H803-Mpc Firmware, Apexis Apm-H803-Mpc.