Main Vulnerability Database SB2018122805

SB2018122805 - Information disclosure in Guardzilla cameras

Published: December 28, 2018 Updated: December 28, 2018

Security Bulletin ID SB2018122805

CSH Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Use of hardcoded credentials (CVE-ID: CVE-2018-5560)

The vulnerability allows a remote attacker can obtain potentially sensitive information on the target system.

The weakness exists due to the Guardzilla IoT-enabled home video surveillance system contains a shared Amazon S3 credential used for storing saved video data. A remote attacker can view and download any stored file/video in the associated buckets.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://blog.rapid7.com/2018/12/27/r7-2018-52-guardzilla-iot-video-camera-hard-coded-credential-cve-...
https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/