CVE-2018-17559

high-risk
Published 2023-10-26

Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.

Do I need to act?

-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Tvip 10000 Firmware
Tvip 10001 Firmware
Tvip 10005 Firmware
Tvip 10005A Firmware
Tvip 10005B Firmware
Tvip 10050 Firmware
Tvip 10051 Firmware
Tvip 10055A Firmware
Tvip 10055B Firmware
Tvip 10500 Firmware
Tvip 10550 Firmware
Tvip 11000 Firmware
Tvip 11050 Firmware
Tvip 11500 Firmware
Tvip 11501 Firmware
Tvip 11502 Firmware
Tvip 11550 Firmware
Tvip 11551 Firmware
Tvip 11552 Firmware
Tvip 20000 Firmware

Affected Vendors

Abus

References (4)

Exploit https://sec.maride.cc/posts/abus/#cve-2018-17559
Third Party Advisory https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-er...
Exploit https://sec.maride.cc/posts/abus/#cve-2018-17559
Third Party Advisory https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-er...
52
/ 100
high-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 25/34 · High