CVE-2022-38970

MEDIUM Year: 2022
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-330
View all →

Vulnerability Description

ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.

Related Vulnerabilities

CVE-2017-17910

MEDIUM
CVSS:6.5(Medium)

On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur trans...

CWE-3302017

CVE-2018-1279

MEDIUM
CVSS:6.5(Medium)

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain informat...

CWE-3302018

CVE-2018-18425

MEDIUM
CVSS:6.5(Medium)

The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token, does not check the numerical relationship between the amount of the air drop and the token's total supply...

CWE-3302018

CVE-2018-19983

MEDIUM
CVSS:6.5(Medium)

An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the at...

CWE-3302018

CVE-2019-6821

MEDIUM
CVSS:6.5(Medium)

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, an...

CWE-3302019

CVE-2019-9102

MEDIUM
CVSS:6.5(Medium)

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of g...

CWE-3302019