Description
Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt.
Exploits (1)
References (1)
Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://blogs.securiteam.com/index.php/archives/3444
Scores
CVSS v3
7.5
EPSS
0.0444
EPSS Percentile
89.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
tiandy/tiandy_ip_camera_firmware
5.56.17.120
Published
Oct 11, 2017
Tracked Since
Feb 18, 2026