CVE-2021-26627 HIGH

CVE-2021-26627: EDrhyme QCP 200W Information Exposure Vulnerability

Vendor Edrhyme Co.,Ltd
Product QCP 200W
Weakness CWE-284
Published April 19, 2022
Last update August 3, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image.

Key dates

02Disclosure timeline

April 19, 2022 CVE published
August 3, 2024 Record updated