OpenCVE

Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Gncchome	Gncc C2 Gncc C2 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:gncchome:gncc_c2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:gncchome:_gncc_c2:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p
https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001

History

Fri, 16 Aug 2024 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gncchome Gncc C2
Weaknesses		CWE-798
CPEs		cpe:2.3:h:gncchome:_gncc_c2:-:::::::* cpe:2.3:o:gncchome:gncc_c2_firmware:-:::::::*
Vendors & Products		Gncchome Gncc C2

Thu, 15 Aug 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gncchome Gncchome gncc C2 Firmware
Weaknesses		CWE-259
CPEs		cpe:2.3:o:gncchome:gncc_c2_firmware::::::::
Vendors & Products		Gncchome Gncchome gncc C2 Firmware
Metrics		cvssV3_1 `{'score': 6.4, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 15 Aug 2024 17:45:00 +0000

Type	Values Removed	Values Added
Description		Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices
References		https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-08-15T00:00:00

Updated: 2024-08-15T17:27:56.814Z

Reserved: 2024-04-05T00:00:00

Link: CVE-2024-31798

Vulnrichment

Updated: 2024-08-15T17:22:55.701Z

NVD

Status : Analyzed

Published: 2024-08-15T17:15:17.013

Modified: 2024-08-16T13:59:00.523

Link: CVE-2024-31798

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-31798", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-15T17:27:56.814Z", "dateReserved": "2024-04-05T00:00:00", "datePublished": "2024-08-15T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-15T16:40:16.384991"}, "descriptions": [{"lang": "en", "value": "Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p"}, {"url": "https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-259", "lang": "en", "description": "CWE-259 Use of Hard-coded Password"}]}], "affected": [{"vendor": "gncchome", "product": "gncc_c2_firmware", "cpes": ["cpe:2.3:o:gncchome:gncc_c2_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-15T17:03:46.353055Z", "id": "CVE-2024-31798", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-15T17:27:56.814Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-31798", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-15T17:03:46.353055Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:gncchome:gncc_c2_firmware:*:*:*:*:*:*:*:*"], "vendor": "gncchome", "product": "gncc_c2_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-259", "description": "CWE-259 Use of Hard-coded Password"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-15T17:22:55.701Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p"}, {"url": "https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001"}], "descriptions": [{"lang": "en", "value": "Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-15T16:40:16.384991"}}}, "cveMetadata": {"cveId": "CVE-2024-31798", "state": "PUBLISHED", "dateUpdated": "2024-08-15T17:27:56.814Z", "dateReserved": "2024-04-05T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-08-15T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gncchome:gncc_c2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD479C7A-72DD-4266-B7D6-730ED8D9F3C7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gncchome:_gncc_c2:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8F1C15B-9990-41D5-96DE-E3E8FD1D7A68", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices"}, {"lang": "es", "value": " La contrase\u00f1a root id\u00e9ntica codificada para todos los dispositivos en GNCC's GC2 Indoor Security Camera 1080P permite a un atacante con acceso f\u00edsico recuperar la contrase\u00f1a de root para todos los dispositivos similares"}], "id": "CVE-2024-31798", "lastModified": "2024-08-16T13:59:00.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-15T17:15:17.013", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-259"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}