Vulnerability Details CVE-2022-38970
ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.9%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2022-38970
-
cpe:2.3:a:hipcam:realserver:1.0
-
cpe:2.3:h:iegeek:ig20:-
-
cpe:2.3:o:iegeek:ig20_firmware:-