Today > | 3 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-47789

Oct. 14, 2024, 11:15 a.m.

Product(s) Impacted

D3D Security IP Camera

Description

** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting a HTTP packet leading to exposure of user credentials of the targeted device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Weaknesses

CWE-319
Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CWE ID: 319

Date

Published: Oct. 4, 2024, 1:15 p.m.

Last Modified: Oct. 14, 2024, 11:15 a.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

vdisclose@cert-in.org.in

References

https://www.cert-in.org.in/ vdisclose@cert-in.org.in