Sergey Zelensky

4 exploits Active since Sep 2020
CVE-2020-25747 NOMISEC CRITICAL WRITEUP
Rubetek RV-3406, RV-3409, and RV-3411 Firmware v339, v342 - Unauthenticated Access to RTSP and ONFIV Services
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.
1 stars
CVSS 9.4
CVE-2020-25748 NOMISEC HIGH WRITEUP
Rubetek RV-3406, RV-3409, and RV-3411 Firmware v342, v339 - Cleartext Transmission of Sensitive Information
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values.
1 stars
CVSS 8.1
CVE-2020-25749 NOMISEC CRITICAL WRITEUP
Rubetek RV-3406, RV-3409, RV-3411 Firmware v339, v342 - Use of Hard-coded Credentials in Telnet Service
The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.
1 stars
CVSS 9.8
CVE-2020-16270 NOMISEC MEDIUM WRITEUP
OLIMPOKS < 3.3.39 - Authenticated Cross-Site Scripting via Error Message
OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of targeted application and perform phishing-related attacks. Vulnerable application used in more than 3000 organizations in different sectors from retail to industries.
CVSS 6.1