CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-13114

Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.021

EPSS Ranking 83.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://utkusen.com/blog/multiple-vulnerabilities-on-kerui-endoscope-camera.html
https://utkusen.com/blog/multiple-vulnerabilities-on-kerui-endoscope-camera.html

Products affected by CVE-2018-13114

Keruigroup » Ypc99 » Version: N/A

cpe:2.3:h:keruigroup:ypc99:-
Keruigroup » Ypc99 Firmware » Version: N/A

cpe:2.3:o:keruigroup:ypc99_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-13114

Products

Pricing

Contact Us