Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path traversal in Smartwares cameras
Vulnerability Description
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. When an affected device is connected to a mobile app, it opens a port 10000 enabling a user to download pictures shot at specific moments by providing paths to the files. However, the directories to which a user has access are not limited, allowing for path traversal attacks and downloading sensitive information. The vendor has not replied to reports, so the patching status remains unknown. Newer firmware versions might be vulnerable as well.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Smartwares CIP-37210AT和Smartwares C724IP 安全漏洞
Vulnerability Description
Smartwares CIP-37210AT和Smartwares C724IP都是Smartwares公司的产品。Smartwares CIP-37210AT是一款 IP 摄像头设备,用于家庭或办公室的安全监控。Smartwares C724IP是一款 IP 摄像头设备,用于家庭或办公室的安全监控。 Smartwares CIP-37210AT和Smartwares C724IP 3.3.0及之前版本存在安全漏洞,该漏洞源于允许用户访问目录不受限制,从而路径遍历攻击和下载敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A