CVE-2018-18602
moderate-risk
Published 2018-12-31
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.
Do I need to act?
-
0.34% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (6)
360 Outdoor Firmware
180 Outdoor Firmware
360 Indoor Firmware
180 Indoor Firmware
Outdoor Hd Camera Firmware
Indoor Hd Camera Firmware
Affected Vendors
References (2)
Third Party Advisory
https://labs.bitdefender.com/2018/12/iot-report-major-flaws-in-guardzilla-camera...
Third Party Advisory
https://labs.bitdefender.com/2018/12/iot-report-major-flaws-in-guardzilla-camera...
46
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
1/34 · Minimal
Exposure
13/34 · Low