CVE-2021-26627

Published: Apr 19, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image.

Affected (2)

Products: Qcp: Qcp200w Firmware

Qcp

1 product

Qcp200w Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qcp Qcp200w Firmware	All versions
Qcp Qcp200w Firmware	All versions

Running on/with	Platform Versions
Qcp Qcp200w	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66663

Source: vuln@krcert.or.kr

Third Party Advisory

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66663

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.