Vulnerability Description
Incorrect access control in the RTSP stream and web portal on all IP cameras based on Hisilicon Hi3510 firmware (until Webware version V1.0.1) allows attackers to view an RTSP stream by connecting to the stream with hidden credentials (guest or user) that are neither displayed nor configurable in the camera's CamHi or keye mobile management application. This affects certain devices labeled as HI3510, HI3518, LOOSAFE, LEVCOECAM, Sywstoda, BESDER, WUSONGLUSAN, GADINAN, Unitoptek, ESCAM, etc.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hisilicon | Hi3510 Firmware | < 1.0.1 |
| Hisilicon | Hi3510 | - |
References
- https://dojo.bullguard.com/dojo-by-bullguard/blog/cam-hi-risk/Third Party Advisory
- https://dojo.bullguard.com/dojo-by-bullguard/blog/cam-hi-risk/Third Party Advisory
FAQ
What is CVE-2019-10711?
CVE-2019-10711 is a vulnerability with a CVSS score of 7.5 (HIGH). Incorrect access control in the RTSP stream and web portal on all IP cameras based on Hisilicon Hi3510 firmware (until Webware version V1.0.1) allows attackers to view an RTSP stream by connecting to ...
How severe is CVE-2019-10711?
CVE-2019-10711 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10711?
Check the references section above for vendor advisories and patch information. Affected products include: Hisilicon Hi3510 Firmware, Hisilicon Hi3510.