CVE-2024-5634 HIGH

CVE-2024-5634

Vendor Longse Technology
Product LBH30FE200W
Weakness CWE-1391
Published July 9, 2024
Last update August 1, 2024

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy.  Additionally, every camera with the same firmware version shares the same password.

Key dates

02Disclosure timeline

July 9, 2024 CVE published
August 1, 2024 Record updated