Path Traversal Vulnerability in Smartwares Cameras by Smartwares
CVE-2024-13894
5.9 MEDIUM
What is CVE-2024-13894?
Smartwares cameras, including the CIP-37210AT and C724IP models, are susceptible to path traversal attacks due to a flaw in firmware versions up to 3.3.0. When these devices connect to a mobile application, they open port 10000, exposing this vulnerability. Because directory access is not properly restricted, malicious users can gain unauthorized access to sensitive images by manipulating file paths, which poses significant risks to user privacy and data security. The vendor has not addressed these reports, so the status of any potential patches remains uncertain, and newer firmware versions may also be at risk.
Affected Version(s)
C724IP 0 <= 3.3.0
CIP-37210AT 0 <= 3.3.0
CVSS V4
Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Michał Majchrowicz (Afine Team)
Marcin Wyczechowski (Afine Team)
