Unauthenticated Remote Access to Zivif PR115-204-P-RS V2.3.4.2103 Webcams via CGI Parameter
CVE-2017-17106 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages.
Learn more about our Web App Pen Testing.