CVE-2021-40380

high-risk

Published 2021-09-01

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials.

Do I need to act?

39.5% chance of exploitation in next 30 days

EPSS score — higher than 60% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

50252

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (4)

Ip70 Firmware

Ip570 Firmware

Ip60 Firmware

Tn540 Firmware

Affected Vendors

Comprotech

References (4)

Third Party Advisory http://packetstormsecurity.com/files/164027/Compro-Technology-IP-Camera-Credenti...

Broken Link https://github.com/icekam/0day/blob/main/Compro-Technology-Camera-has-multiple-v...

Third Party Advisory http://packetstormsecurity.com/files/164027/Compro-Technology-IP-Camera-Credenti...

Broken Link https://github.com/icekam/0day/blob/main/Compro-Technology-Camera-has-multiple-v...

/ 100

high-risk

Severity 26/34 · High

Exploitability 17/34 · Moderate

Exposure 10/34 · Low