Vulnerability Details : CVE-2008-4390
The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network.
Exploit prediction scoring system (EPSS) score for CVE-2008-4390
Probability of exploitation activity in the next 30 days: 0.30%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-4390
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2008-4390
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
-
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4390
-
http://www.kb.cert.org/vuls/id/MAPG-7HJKSA
VU#528993 - Linksys WVC54GC wireless video camera vulnerable to information disclosureThird Party Advisory;US Government Resource
-
http://www.kb.cert.org/vuls/id/528993
VU#528993 - Linksys WVC54GC wireless video camera vulnerable to information disclosurePatch;Third Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/32666
Broken Link;Third Party Advisory;VDB Entry
-
http://www.linksys.com/servlet/Satellite?blobcol=urldata&blobheadername1=Content-Type&blobheadername2=Content-Disposition&blobheadervalue1=text%2Fplain&blobheadervalue2=inline%3B+filename%3DWVC54GC-V1.0_non-RoHS-v1.25_fw_ver.txt&blobkey=id&blobtable=MungoBlobs&blobwhere=1193776031728&ssbinary=true&lid=8104724130B17
Sites-LINKUS-SiteProduct
-
http://secunia.com/advisories/33032
About Secunia Research | FlexeraBroken Link
Products affected by CVE-2008-4390
- cpe:2.3:o:cisco:linksys_wvc54gc_firmware:*:*:*:*:*:*:*:*