CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-23826

The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176

Exploit prediction scoring system (EPSS) score

EPSS Score 0.114

EPSS Ranking 93.2%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://firedome.io/blog/firedome-discloses-0-day-vulnerabilities-in-yale-ip-cameras/
https://lp.firedome.io/hubfs/Yale%20WIPC-301W%20RCE%20Vulnerability%20Report%205-6.pdf
https://whiterosezex.blogspot.com/2021/01/cve-2020-23826-rce-vulnerability-in.html
https://firedome.io/blog/firedome-discloses-0-day-vulnerabilities-in-yale-ip-cameras/
https://lp.firedome.io/hubfs/Yale%20WIPC-301W%20RCE%20Vulnerability%20Report%205-6.pdf
https://whiterosezex.blogspot.com/2021/01/cve-2020-23826-rce-vulnerability-in.html

Products affected by CVE-2020-23826

Assaabloy » Yale Wipc-303w » Version: N/A

cpe:2.3:h:assaabloy:yale_wipc-303w:-
Assaabloy » Yale Wipc-303w Firmware » Version: 2.21

cpe:2.3:o:assaabloy:yale_wipc-303w_firmware:2.21
Assaabloy » Yale Wipc-303w Firmware » Version: 2.31

cpe:2.3:o:assaabloy:yale_wipc-303w_firmware:2.31

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-23826

Products

Pricing

Contact Us