CVE-2019-6973

Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
geniviagsoap
2.8.0
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.html
https://github.com/bitfu/sricam-gsoap2.8-dos-exploit
https://www.exploit-db.com/exploits/46261/
http://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.html
https://github.com/bitfu/sricam-gsoap2.8-dos-exploit
https://www.exploit-db.com/exploits/46261/