Description
A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/
Exploit, Third Party Advisory x_refsource_misc
https://blog.rapid7.com/2018/12/27/r7-2018-52-guardzilla-iot-video-camera-hard-coded-credential-cve-2018-5560/
Scores
CVSS v3
10.0
EPSS
0.0162
EPSS Percentile
73.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Details
CWE
CWE-798
Status
published
Products (1)
guardzilla/gz521w_firmware
Published
Jan 31, 2019
Tracked Since
Feb 18, 2026