CVE-2017-11510
CRITICALWanscam HW0021 Firmware - Unauthenticated Administrator Credential Exposure via ONVIF GetSnapshotUri Request
Title source: llmDescription
An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2017-33
Scores
CVSS v3
9.8
EPSS
0.0154
EPSS Percentile
71.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
CWE-522
Status
published
Products (1)
wanscam/hw0021_firmware
11.6.5.1.1-20161213
Published
Mar 28, 2018
Tracked Since
Feb 18, 2026