CVE-2017-8225 — CRITICAL (9.8)

Vulnerability Description

On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wificam	Wireless Ip Camera \(P2P\) Firmware	-
Wificam	Wireless Ip Camera \(P2P\)	-

Related Weaknesses (CWE)

CWE-522

References

http://seclists.org/fulldisclosure/2017/Mar/23ExploitMailing ListThird Party Advisory
https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#pre-auth-inExploitThird Party Advisory
http://seclists.org/fulldisclosure/2017/Mar/23ExploitMailing ListThird Party Advisory
https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#pre-auth-inExploitThird Party Advisory

FAQ

What is CVE-2017-8225?

CVE-2017-8225 is a vulnerability with a CVSS score of 9.8 (CRITICAL). On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and ...

How severe is CVE-2017-8225?

CVE-2017-8225 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-8225?

Check the references section above for vendor advisories and patch information. Affected products include: Wificam Wireless Ip Camera \(P2P\) Firmware, Wificam Wireless Ip Camera \(P2P\).