CVE-2024-31799

Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p	Product
https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:gncchome:gncc_c2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:gncchome:_gncc_c2:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-08-15 17:15

Updated : 2024-08-16 18:35

NVD link : CVE-2024-31799

Mitre link : CVE-2024-31799

CVE.ORG link : CVE-2024-31799

JSON object : View

Products Affected

gncchome

gncc_c2_firmware
_gncc_c2

CWE

CWE-319

Cleartext Transmission of Sensitive Information

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-31799", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2024-08-15T17:15:17.127", "references": [{"url": "https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port."}, {"lang": "es", "value": " La divulgaci\u00f3n de informaci\u00f3n en GNCC's GC2 Indoor Security Camera 1080P permite a un atacante con acceso f\u00edsico leer la frase de contrase\u00f1a de WiFi a trav\u00e9s del puerto de depuraci\u00f3n UART."}], "lastModified": "2024-08-16T18:35:10.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gncchome:gncc_c2_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD479C7A-72DD-4266-B7D6-730ED8D9F3C7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gncchome:_gncc_c2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8F1C15B-9990-41D5-96DE-E3E8FD1D7A68"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}