Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-38024
PUBLISHED
More InfoOfficial Page
Assigner-twcert
Assigner Org ID-cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e
View Known Exploited Vulnerability (KEV) details
Published At-28 Aug, 2023 | 03:14
Updated At-02 Oct, 2024 | 15:01
Rejected At-
▼CVE Numbering Authority (CNA)
SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -1

SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. An remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.

Affected Products
Vendor
SPOTCAM CO., LTD.
Product
SpotCam FHD 2
Default Status
unaffected
Versions
Affected
  • 1.0036
Problem Types
TypeCWE IDDescription
CWECWE-798CWE-798 Use of Hard-coded Credentials
Type: CWE
CWE ID: CWE-798
Description: CWE-798 Use of Hard-coded Credentials
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-70CAPEC-70 Try Common or Default Usernames and Passwords
CAPEC ID: CAPEC-70
Description: CAPEC-70 Try Common or Default Usernames and Passwords
Solutions

Update firmware version to 1.0039 or later. 

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.twcert.org.tw/tw/cp-132-7331-9099e-1.html
N/A
Hyperlink: https://www.twcert.org.tw/tw/cp-132-7331-9099e-1.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.twcert.org.tw/tw/cp-132-7331-9099e-1.html
x_transferred
Hyperlink: https://www.twcert.org.tw/tw/cp-132-7331-9099e-1.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
spotcam_co_ltd
Product
spotcam_fhd2
CPEs
  • cpe:2.3:a:spotcam_co_ltd:spotcam_fhd2:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • 1.0036
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found