CVE-2024-31798

Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p	Product
https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:gncchome:gncc_c2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:gncchome:_gncc_c2:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-08-15 17:15

Updated : 2024-08-16 13:59

NVD link : CVE-2024-31798

Mitre link : CVE-2024-31798

CVE.ORG link : CVE-2024-31798

JSON object : View

Products Affected

gncchome

gncc_c2_firmware
_gncc_c2

CWE

CWE-798

Use of Hard-coded Credentials

CWE-259

Use of Hard-coded Password

{"id": "CVE-2024-31798", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}]}, "published": "2024-08-15T17:15:17.013", "references": [{"url": "https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-259"}]}], "descriptions": [{"lang": "en", "value": "Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices"}, {"lang": "es", "value": " La contrase\u00f1a root id\u00e9ntica codificada para todos los dispositivos en GNCC's GC2 Indoor Security Camera 1080P permite a un atacante con acceso f\u00edsico recuperar la contrase\u00f1a de root para todos los dispositivos similares"}], "lastModified": "2024-08-16T13:59:00.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gncchome:gncc_c2_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD479C7A-72DD-4266-B7D6-730ED8D9F3C7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gncchome:_gncc_c2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8F1C15B-9990-41D5-96DE-E3E8FD1D7A68"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}