CVE-2018-5560

Guardzilla All-In-One Video Security System Hard-Coded Credential

CVSS 10 CRITICALEPSS 1.6%CWE-798

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 10EPSS 1.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

31 Jan 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Affected products

Practecol, LLC · Guardzilla All-In-One Video Security System

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blog.rapid7.com/2018/12/27/r7-2018-52-guardzilla-iot-video-camera-hard-coded-credential-cve-2018-5560/https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/