Guardzilla: Security Vulnerabilities
A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.
CVSS Score
10.0
EPSS Score
0.005
Published
2019-01-31
The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter.
CVSS Score
8.1
EPSS Score
0.017
Published
2018-12-31
The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow.
CVSS Score
8.1
EPSS Score
0.005
Published
2018-12-31
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-12-31