Detections
Analytics

CVE-2020-23826

high

Description

The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176

References

https://whiterosezex.blogspot.com/2021/01/cve-2020-23826-rce-vulnerability-in.html

https://firedome.io/blog/firedome-discloses-0-day-vulnerabilities-in-yale-ip-cameras/

https://lp.firedome.io/hubfs/Yale%20WIPC-301W%20RCE%20Vulnerability%20Report%205-6.pdf

Details

Source: Mitre, NVD

Published: 2021-01-26

Updated: 2024-08-04

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.11379