CVE-2019-10710
Last modified
CVE-2019-10710 is a vulnerability of currently unknown severity. Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmware allow authenticated attackers to receive a network's cleartext WiFi credentials via a specific HTTP request. This affects certain devices labeled as HI3510, HI3518, LOOSAFE, LEVCOECAM, Sywstoda, BESDER, WUSONGLUSAN, GADINAN, Unitoptek, ESCAM, etc.. EPSS estimates a 1.12% chance of exploitation in the next 30 days.
Description
Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmware allow authenticated attackers to receive a network's cleartext WiFi credentials via a specific HTTP request. This affects certain devices labeled as HI3510, HI3518, LOOSAFE, LEVCOECAM, Sywstoda, BESDER, WUSONGLUSAN, GADINAN, Unitoptek, ESCAM, etc.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hisilicon | Hi3510 Firmware | All versions |
References
- https://dojo.bullguard.com/dojo-by-bullguard/blog/cam-hi-risk/Mitigation, Third Party Advisory
- https://dojo.bullguard.com/dojo-by-bullguard/blog/cam-hi-risk/Mitigation, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-10710?
How severe is CVE-2019-10710?
How do I fix CVE-2019-10710?
Are you affected by CVE-2019-10710?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST