CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2010-0593
https://notcve.org/view.php?id=CVE-2010-0593
The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726. Cisco RVS4000 4-port Gigabit Security Router en versiones anteriores a la v1.3.2.0, PVC2300 Business Internet Video Camera en versiones anteriores a la v1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera en versiones anteriores a la v1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera en versiones anteriores a la v1.1.1.15, y WVC2300 Wireless-G Business Internet Video Camera en versiones anteriores a la v1.1.2.6 no restringen de manera apropiada el acceso de lectura a las contraseñas, lo que permite a atacantes dependiendo del contexto obtener información confidencial. Vulnerabilidad relacionada con (1) acceso de usuarios remotos autenticados a PVC2300 o WVC2300 a través de una URL modificada, (2) habilitar privilegios de configuración en un WVC200 o WVC210, y (3) habilitar privilegios de administración en un RVS4000. También conocido como Bug ID CSCte64726. • http://osvdb.org/63978 http://secunia.com/advisories/39510 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b27511.shtml http://www.securityfocus.com/bid/39612 http://www.securitytracker.com/id?1023906 http://www.vupen.com/english/advisories/2010/0965 https://exchange.xforce.ibmcloud.com/vulnerabilities/58034 • CWE-264: Permissions, Privileges, and Access Controls •