The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server.
References
Configurations
Configuration 1 (hide)
AND |
|
History
28 Jul 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jul 2022, 01:47
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:citilog:citilog:8.0:*:*:*:*:*:*:* cpe:2.3:h:axis:m1125:-:*:*:*:*:*:*:* |
|
References | (MISC) https://github.com/ErwanBroquaire/citilog-8.0-vulnerability - Third Party Advisory | |
References | (MISC) https://www.citilog.com - Product | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
CWE | CWE-319 | |
First Time |
Axis
Axis m1125 Citilog citilog Citilog |
21 Jul 2022, 16:32
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-21 16:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-28861
Mitre link : CVE-2022-28861
CVE.ORG link : CVE-2022-28861
JSON object : View
Products Affected
axis
- m1125
citilog
- citilog
CWE
CWE-319
Cleartext Transmission of Sensitive Information