CVE-2018-10734

KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
kongtopd303_firmware
-
kongtopd305_firmware
-
kongtopd403_firmware
-
kongtopa303_firmware
-
kongtopa403_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/hucmosin/MyBook/blob/master/KONGTOP_DVR_devices_vulnerability_report-CVE-2018-10734.pdf
https://github.com/hucmosin/MyBook/blob/master/fu/DVR.pdf
https://github.com/hucmosin/Python_Small_Tool/blob/master/other/DVR_POC.py
https://github.com/hucmosin/MyBook/blob/master/KONGTOP_DVR_devices_vulnerability_report-CVE-2018-10734.pdf
https://github.com/hucmosin/MyBook/blob/master/fu/DVR.pdf
https://github.com/hucmosin/Python_Small_Tool/blob/master/other/DVR_POC.py