CVE-2017-11510

CRITICAL

Wanscam HW0021 - Info Disclosure

Title source: llm

Description

An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request.

References (1)

[Exploit, Third Party Advisory] https://www.tenable.com/security/research/tra-2017-33

Scores

CVSS v3 9.8

EPSS 0.0095

EPSS Percentile 76.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522 CWE-200

Status published

Affected Products (1)

wanscam/hw0021_firmware

Timeline

Published Mar 28, 2018

Tracked Since Feb 18, 2026