Vulnerability Details : CVE-2017-17101
Potential exploit
An issue was discovered in Apexis APM-H803-MPC software, as used with many different models of IP Camera. An unprotected CGI method inside the web application permits an unauthenticated user to bypass the login screen and access the webcam contents including: live video stream, configuration files with all the passwords, system information, and much more. With this vulnerability, anyone can access to a vulnerable webcam with 'super admin' privilege.
Products affected by CVE-2017-17101
- cpe:2.3:o:apexis:apm-h803-mpc_firmware:1.1.2.69:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-17101
0.88%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-17101
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2017-17101
-
https://youtu.be/B75C13Zw35Y
CVE-2017-17101 IPcam Authentication Bypass - YouTubeExploit;Third Party Advisory
Jump to