CVE-2022-38970
Severity CVSS v4.0:
Pending analysis
Type:
CWE-330
Use of Insufficiently Random Value
Publication date:
26/09/2022
Last modified:
21/05/2025
Description
ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:iegeek:ig20_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:iegeek:ig20:-:*:*:*:*:*:*:* | ||
cpe:2.3:a:hipcam:realserver:1.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page