Remote Attackers Can Access Sensitive Information via Firmware Update Process
CVE-2024-48791

7.5HIGH

Key Information:

Vendor: Plug n Play Camera com.starvedia.mCamView.zwave
Vendor: CVE Published:; 14 October 2024

🔔 Create Plug n Play Camera com.starvedia.mCamView.zwave Vulnerability Alert

What is CVE-2024-48791?

A vulnerability in the Plug n Play Camera manufactured by Starvedia allows remote attackers to exploit the firmware update process. This flaw permits unauthorized access to sensitive information, compromising user data and device integrity. The issue is rooted in improper handling of firmware updates, which can potentially expose critical information to malicious actors. Users of the affected product are advised to apply necessary updates and review security practices to mitigate potential risks associated with this vulnerability.

References

http://www.starvedia.com/

https://github.com/HankJames/Vul-Reports/blob/main/Firmwa...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2024