** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting a HTTP packet leading to exposure of user credentials of the targeted device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Metrics
Affected Vendors & Products
References
History
Mon, 14 Oct 2024 11:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | ** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting a HTTP packet leading to exposure of user credentials of the targeted device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting a HTTP packet leading to exposure of user credentials of the targeted device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
Fri, 04 Oct 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
D3dsecurity
D3dsecurity d8801 |
|
CPEs | cpe:2.3:h:d3dsecurity:d8801:*:*:*:*:*:*:*:* | |
Vendors & Products |
D3dsecurity
D3dsecurity d8801 |
|
Metrics |
ssvc
|
Fri, 04 Oct 2024 13:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | ** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting a HTTP packet leading to exposure of user credentials of the targeted device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |
Title | Credential Leakage Vulnerability | |
Weaknesses | CWE-319 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: CERT-In
Published: 2024-10-04T12:43:45.390Z
Updated: 2024-10-14T10:52:33.065Z
Reserved: 2024-10-01T09:50:03.075Z
Link: CVE-2024-47789
Vulnrichment
Updated: 2024-10-04T13:33:05.351Z
NVD
Status : Awaiting Analysis
Published: 2024-10-04T13:15:12.137
Modified: 2024-10-14T11:15:11.797
Link: CVE-2024-47789
Redhat
No data.