CVE-2018-17240

high-risk

Published 2022-06-10

There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password).

Do I need to act?

42.5% chance of exploitation in next 30 days

EPSS score — higher than 58% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (2)

Indoor Ip Camera Firmware

Outdoor Ip Camera Firmware

Affected Vendors

Netwavepr

References (6)

Third Party Advisory https://github.com/BBge/CVE-2018-17240

Exploit https://github.com/BBge/CVE-2018-17240/blob/main/exploit.py

Broken Link https://www.bbge.org/file/exploit.py

Third Party Advisory https://github.com/BBge/CVE-2018-17240

Exploit https://github.com/BBge/CVE-2018-17240/blob/main/exploit.py

Broken Link https://www.bbge.org/file/exploit.py

/ 100

high-risk

Severity 26/34 · High

Exploitability 17/34 · Moderate

Exposure 7/34 · Low