Denial of Service Vulnerability in Sricam IP CCTV Cameras by Sricam
CVE-2019-6973

7.5HIGH

Key Information:

Vendor: Genivia
Status: Gsoap
Vendor: CVE Published:; 17 March 2019

What is CVE-2019-6973?

Sricam IP CCTV cameras are susceptible to denial of service attacks due to improper handling of incomplete HTTP requests. The web server, utilizing gSOAP 2.8.x, employs an iterative queueing method which lacks the necessary threading support, resulting in a slow response to requests. Attackers can exploit this weakness by flooding the server with multiple incomplete HTTP requests, leading to potential service unavailability and disruption of surveillance operations.

References

https://www.exploit-db.com/exploits/46261/

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/151377/Sricam-gSOAP-...

x_refsource_MISC

https://github.com/bitfu/sricam-gsoap2.8-dos-exploit

x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2019
Vulnerability Reserved
Jan 25, 2019

Genivia

What is CVE-2019-6973?

References

EPSS Score

CVSS V3.1

Timeline