Vulnerability Description
Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Genivia | Gsoap | 2.8.0 |
| Sricam | Nvs001 | - |
| Sricam | Sh016 | - |
| Sricam | Sh024 | - |
| Sricam | Sh026 | - |
| Sricam | Sh027 | - |
| Sricam | Sp007 | - |
| Sricam | Sp008 | - |
| Sricam | Sp009 | - |
| Sricam | Sp012 | - |
| Sricam | Sp015 | - |
| Sricam | Sp017 | - |
| Sricam | Sp018 | - |
| Sricam | Sp019 | - |
| Sricam | Sp020 | - |
| Sricam | Sp023 | - |
References
- http://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.hExploitThird Party AdvisoryVDB Entry
- https://github.com/bitfu/sricam-gsoap2.8-dos-exploitThird Party Advisory
- https://www.exploit-db.com/exploits/46261/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.hExploitThird Party AdvisoryVDB Entry
- https://github.com/bitfu/sricam-gsoap2.8-dos-exploitThird Party Advisory
- https://www.exploit-db.com/exploits/46261/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2019-6973?
CVE-2019-6973 is a vulnerability with a CVSS score of 7.5 (HIGH). Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non...
How severe is CVE-2019-6973?
CVE-2019-6973 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6973?
Check the references section above for vendor advisories and patch information. Affected products include: Genivia Gsoap, Sricam Nvs001, Sricam Sh016, Sricam Sh024, Sricam Sh026.