Vulnerability Details CVE-2016-2360
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
- http://kirils.org/slides/2016-10-06_Milesight_initial.pdf
- https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/
- https://www.youtube.com/watch?v=scckkI7CAW0
- http://kirils.org/slides/2016-10-06_Milesight_initial.pdf
- https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/
- https://www.youtube.com/watch?v=scckkI7CAW0
Products affected by CVE-2016-2360
-
cpe:2.3:h:milesight:ip_security_camera:-
-
cpe:2.3:o:milesight:ip_security_camera_firmware:-
-
cpe:2.3:o:milesight:ip_security_camera_firmware:2016-11-14