CVE-2018-5560
10
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Summary
A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Practecol, LLC | Guardzilla All-In-One Video Security System | 2018 | affected |
Weaknesses
- CWE-798: CWE-798
- Use of Hard-coded Credentials
Workarounds
Users concerned with video privacy should disable the cloud storage functionality provided by the vendor.
ADP Enrichment
CVE Program Container
Additional References
- https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/
- https://blog.rapid7.com/2018/12/27/r7-2018-52-guardzilla-iot-video-camera-hard-coded-credential-cve-2018-5560/
References
- https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/
- https://blog.rapid7.com/2018/12/27/r7-2018-52-guardzilla-iot-video-camera-hard-coded-credential-cve-2018-5560/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.