Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-47789
PUBLISHED
More InfoOfficial Page
Assigner-CERT-In
Assigner Org ID-66834db9-ab24-42b4-be80-296b2e40335c
View Known Exploited Vulnerability (KEV) details
Published At-04 Oct, 2024 | 12:43
Updated At-14 Oct, 2024 | 10:52
Rejected At-
▼CVE Numbering Authority (CNA)
Credential Leakage Vulnerability

** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting a HTTP packet leading to exposure of user credentials of the targeted device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected Products
Vendor
D3D Security
Product
IP Camera D8801
Default Status
unaffected
Versions
Affected
  • All versions
Problem Types
TypeCWE IDDescription
CWECWE-319CWE-319: Cleartext Transmission of Sensitive Information
Type: CWE
CWE ID: CWE-319
Description: CWE-319: Cleartext Transmission of Sensitive Information
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-117CAPEC-117: Interception
CAPEC ID: CAPEC-117
Description: CAPEC-117: Interception
Solutions

As per the information provided by the vendor, the product has reached its End of Life (EOL) in January 2024 and is no longer supported by them. It is recommended to discontinue use of the product or replace with a supported product appropriately.

Configurations
Workarounds
Exploits
Credits
finder
This vulnerability is reported by Priyanka R. Chaudhary, BITS Pilani, Hyderabad.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0314
third-party-advisory
Hyperlink: https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0314
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
d3dsecurity
Product
d8801
CPEs
  • cpe:2.3:h:d3dsecurity:d8801:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 through * (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found