CVE-2024-31798

Published: Aug 15, 2024Modified: Aug 16, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices

Affected (1)

Products: Gncchome: Gncc C2 Firmware

Gncchome

1 product

Gncc C2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gncchome Gncc C2 Firmware	All versions

Running on/with	Platform Versions
Gncchome Gncc C2	All versions

Related CWEs

CWE-259

Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p

Source: cve@mitre.org

Product

https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.