CVE-2022-38970

MEDIUM

ieGeek IG20 hipcam RealServer V1.0 - Incorrect Access Control

Title source: llm

Description

ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.

References (1)

[Exploit, Technical Description, Third Party Advisory] https://www.realinfosec.net/cybersecurity-news/iegeek-vulnerabilities-still-prevalent-in-2022-amazon-ft-ig20/

Scores

CVSS v3 6.5

EPSS 0.0043

EPSS Percentile 62.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-330

Status published

Products (2)

hipcam/realserver 1.0

iegeek/ig20_firmware

Published Sep 26, 2022

Tracked Since Feb 18, 2026