ErwanBroquaire/citilog-8.0-vulnerability

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases0

Description of a vulnerability discovered on citilog servers in version 8.0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-28860 ↗	Jul 21, 2022Thursday, 21 July 2022, 16:15	5.9 MEDIUM	—
An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera.
CVE-2022-28861 ↗	Jul 21, 2022Thursday, 21 July 2022, 16:15	5.9 MEDIUM	—
The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server.