How severe is CVE-2017-10718?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2017-10718?

This is classified as CWE-255, which is a common weakness in software security.

CVE-2017-10718 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that any malicious user connecting to the device can change the default SSID and password thereby denying the owner an access to his/her own device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries.

Related Vulnerabilities

CVE-2015-4684

MEDIUM

CVSS:6.5(Medium)

Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modif...

CWE-2552015

CVE-2016-10821

MEDIUM

CVSS:6.5(Medium)

In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).

CWE-2552016

CVE-2016-5950

MEDIUM

CVSS:6.5(Medium)

IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.

CWE-2552016

CVE-2016-6110

MEDIUM

CVSS:6.5(Medium)

IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.

CWE-2552016

CVE-2016-6815

MEDIUM

CVSS:6.5(Medium)

In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.

CWE-2552016

CVE-2016-9204

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus 1...

CWE-2552016