CVE-2022-28860

EUVD-2022-33297
An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
citilogcitilog
8.0
𝑥
= Vulnerable software versions
References
https://github.com/ErwanBroquaire/citilog-8.0-vulnerability
https://www.citilog.com
https://www.citilog.com/wp-content/uploads/2023/07/CitilogSAS_information_note_2021-10-18-English.pdf
https://github.com/ErwanBroquaire/citilog-8.0-vulnerability
https://www.citilog.com
https://www.citilog.com/wp-content/uploads/2023/07/CitilogSAS_information_note_2021-10-18-English.pdf