CVE-2017-10721 : Recently it was discovered as a part of the research on IoT devices in the most

Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries.

Published 2019-06-17 22:15:10

Updated 2019-06-20 19:32:12

Source MITRE

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2017-10721

Ishekar » Endoscope Camera Firmware
cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Ishekar » Endoscope Camera » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-10721

EPSS FAQ

0.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 49 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-10721

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2017-10721

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-10721

http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html

Shekar Endoscope Weak Default Settings / Memory Corruption ≈ Packet Storm
Third Party Advisory;VDB Entry

CVEs referencing this url
https://seclists.org/bugtraq/2019/Jun/8

Bugtraq: Newly releases IoT security issues
Mailing List;Third Party Advisory

CVEs referencing this url
https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf

IoT_vulnerabilities/Shekar_boriscope_sec_issues.pdf at master · ethanhunnt/IoT_vulnerabilities · GitHub
Exploit;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-10721

Products affected by CVE-2017-10721

Exploit prediction scoring system (EPSS) score for CVE-2017-10721

CVSS scores for CVE-2017-10721

CWE ids for CVE-2017-10721

References for CVE-2017-10721