CVE-2017-8221

{"id": "CVE-2017-8221", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-04-25T20:59:00.290", "references": [{"url": "http://seclists.org/fulldisclosure/2017/Mar/23", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#cloud", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the network."}, {"lang": "es", "value": "Los dispositivos Wireless IP Camera (P2P) WIFICAM se basan en un protocolo de t\u00fanel UDP en texto claro (tambi\u00e9n conocido como la funci\u00f3n Cloud) para la comunicaci\u00f3n entre una aplicaci\u00f3n Android y un dispositivo c\u00e1mara, lo que permite a los atacantes remotos obtener informaci\u00f3n sensible escuchando la red."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:wificam:wireless_ip_camera_\\(p2p\\)_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D08E453A-E40A-48E7-9FC0-2CCEB7052644"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:wificam:wireless_ip_camera_\\(p2p\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "407AAB84-DC42-4CC9-A33F-4EBDE16C97E9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}