CVE-2021-26627 — HIGH (7.5)

Vulnerability Description

Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Qcp	Qcp200W Firmware	-
Qcp	Qcp200W	-

Related Weaknesses (CWE)

CWE-287 CWE-284

References

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66663Third Party Advisory
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66663Third Party Advisory

FAQ

What is CVE-2021-26627?

CVE-2021-26627 is a vulnerability with a CVSS score of 7.5 (HIGH). Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command...

How severe is CVE-2021-26627?

CVE-2021-26627 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-26627?

Check the references section above for vendor advisories and patch information. Affected products include: Qcp Qcp200W Firmware, Qcp Qcp200W.