CVE-2024-5631 - OpenCVE

Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, are transmitting user's login and password to a remote control service without using any encryption. This enables an on-path attacker to eavesdrop the credentials and subsequently obtain access to the video stream. The credentials are being sent when a user decides to change his password in router's portal.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://cert.pl/en/posts/2024/07/CVE-2024-5631/
https://cert.pl/posts/2024/07/CVE-2024-5631
https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-07-09T10:57:24.256Z

Updated: 2024-08-01T21:18:06.842Z

Reserved: 2024-06-04T14:42:02.523Z

Link: CVE-2024-5631

Vulnrichment

Updated: 2024-08-01T21:18:06.842Z

NVD

Status : Awaiting Analysis

Published: 2024-07-09T11:15:15.740

Modified: 2024-08-01T22:15:32.220

Link: CVE-2024-5631

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5631", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2024-06-04T14:42:02.523Z", "datePublished": "2024-07-09T10:57:24.256Z", "dateUpdated": "2024-08-01T21:18:06.842Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "NVR3608PGE2W", "vendor": "Longse Technology", "versions": [{"lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "ZMB-01", "vendor": "Zamel", "versions": [{"lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Adam Zambrzycki"}], "datePublic": "2024-07-09T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, are transmitting user's login and password to a remote control service without using any encryption. This enables an on-path attacker to eavesdrop the credentials and subsequently obtain access to the video stream. <br>The credentials are being sent when a user decides to change his password in router's portal. "}], "value": "Longse NVR (Network Video Recorder) model\u00a0NVR3608PGE2W, as well as products based on this device, are transmitting user's login and password to a remote control service without using any encryption. This enables an on-path attacker to eavesdrop the credentials and subsequently obtain access to the video stream.\u00a0\nThe credentials are being sent when a user decides to change his password in router's portal."}], "impacts": [{"capecId": "CAPEC-117", "descriptions": [{"lang": "en", "value": "CAPEC-117 Interception"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 6, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-07-09T10:57:24.256Z"}, "references": [{"tags": ["product"], "url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/07/CVE-2024-5631"}], "source": {"discovery": "UNKNOWN"}, "tags": ["unsupported-when-assigned"], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-09T15:12:14.314814Z", "id": "CVE-2024-5631", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T20:42:03.582Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.842Z"}, "title": "CVE Program Container", "references": [{"tags": ["product", "x_transferred"], "url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/posts/2024/07/CVE-2024-5631"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01", "tags": ["product", "x_transferred"]}, {"url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://cert.pl/posts/2024/07/CVE-2024-5631", "tags": ["third-party-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.842Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5631", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-09T15:12:14.314814Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T17:48:41.820Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Adam Zambrzycki"}], "impacts": [{"capecId": "CAPEC-117", "descriptions": [{"lang": "en", "value": "CAPEC-117 Interception"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Longse Technology", "product": "NVR3608PGE2W", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "affected"}, {"vendor": "Zamel", "product": "ZMB-01", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "affected"}], "datePublic": "2024-07-09T10:00:00.000Z", "references": [{"url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01", "tags": ["product"]}, {"url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/", "tags": ["third-party-advisory"]}, {"url": "https://cert.pl/posts/2024/07/CVE-2024-5631", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Longse NVR (Network Video Recorder) model\u00a0NVR3608PGE2W, as well as products based on this device, are transmitting user's login and password to a remote control service without using any encryption. This enables an on-path attacker to eavesdrop the credentials and subsequently obtain access to the video stream.\u00a0\nThe credentials are being sent when a user decides to change his password in router's portal.", "supportingMedia": [{"type": "text/html", "value": "Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, are transmitting user's login and password to a remote control service without using any encryption. This enables an on-path attacker to eavesdrop the credentials and subsequently obtain access to the video stream. <br>The credentials are being sent when a user decides to change his password in router's portal. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-07-09T10:57:24.256Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5631", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:18:06.842Z", "dateReserved": "2024-06-04T14:42:02.523Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2024-07-09T10:57:24.256Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cvd@cert.pl", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Longse NVR (Network Video Recorder) model\u00a0NVR3608PGE2W, as well as products based on this device, are transmitting user's login and password to a remote control service without using any encryption. This enables an on-path attacker to eavesdrop the credentials and subsequently obtain access to the video stream.\u00a0\nThe credentials are being sent when a user decides to change his password in router's portal."}, {"lang": "es", "value": " Longse NVR (Network Video Recorder) modelo NVR3608PGE2W, as\u00ed como los productos basados en este dispositivo, transmiten el nombre de usuario y la contrase\u00f1a a un servicio de control remoto sin utilizar ning\u00fan cifrado. Esto permite a un atacante en ruta espiar las credenciales y posteriormente obtener acceso a la transmisi\u00f3n de video. Las credenciales se env\u00edan cuando un usuario decide cambiar su contrase\u00f1a en el portal del enrutador."}], "id": "CVE-2024-5631", "lastModified": "2024-08-01T22:15:32.220", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "NONE"}, "source": "cvd@cert.pl", "type": "Secondary"}]}, "published": "2024-07-09T11:15:15.740", "references": [{"source": "cvd@cert.pl", "url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/"}, {"source": "cvd@cert.pl", "url": "https://cert.pl/posts/2024/07/CVE-2024-5631"}, {"source": "cvd@cert.pl", "url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "cvd@cert.pl", "type": "Secondary"}]}