Description
An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve access to the device through a manipulated web UI firmware update.
References (1)
Core 1
Core References
Broken Link x_refsource_misc
http://f1security.co.kr/cve/cve_190314.htm
Scores
CVSS v3
9.8
EPSS
0.0164
EPSS Percentile
73.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (2)
vstarcam/c7824iwp_firmware
kr75.8.53.20
vstracm/c38s_firmware
kr203.18.1.20
Published
May 23, 2019
Tracked Since
Feb 18, 2026