CVE-2024-5634 | THREATINT

Description

Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy. Additionally, every camera with the same firmware version shares the same password.

PUBLISHED Reserved 2024-06-04 | Published 2024-07-09 | Updated 2024-08-01 | Assigner CERT-PL

HIGH: 8.6CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-1391 Use of Weak Credentials

Product status

Default status

affected

Any version

affected

Default status

affected

Any version

affected

Credits

Adam Zambrzycki finder

References

zamel.com/...aw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01 product

cert.pl/en/posts/2024/07/CVE-2024-5631/ third-party-advisory

cert.pl/posts/2024/07/CVE-2024-5631/ third-party-advisory

zamel.com/...aw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01 product

cert.pl/en/posts/2024/07/CVE-2024-5631/ third-party-advisory

cert.pl/posts/2024/07/CVE-2024-5631/ third-party-advisory

cve.org (CVE-2024-5634)

nvd.nist.gov (CVE-2024-5634)

Download JSON

help @ threatint.eu