CVE-2019-12288 — CRITICAL (9.8)

Vulnerability Description

An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve access to the device through a manipulated web UI firmware update.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Vstarcam	C7824Iwp Firmware	kr75.8.53.20
Vstarcam	C7824Iwp	-
Vstracm	C38S Firmware	kr203.18.1.20
Vstracm	C38S	-

Related Weaknesses (CWE)

CWE-306

References

http://f1security.co.kr/cve/cve_190314.htmBroken Link
http://f1security.co.kr/cve/cve_190314.htmBroken Link

FAQ

What is CVE-2019-12288?

CVE-2019-12288 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a we...

How severe is CVE-2019-12288?

CVE-2019-12288 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-12288?

Check the references section above for vendor advisories and patch information. Affected products include: Vstarcam C7824Iwp Firmware, Vstarcam C7824Iwp, Vstracm C38S Firmware, Vstracm C38S.