A vulnerability, which was classified as critical, was found in Longse Technology LBH30FE200W (affected version unknown). Affected is an unknown functionality. The manipulation with an unknown input leads to a backdoor vulnerability. CWE is classifying the issue as CWE-912. The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports.  An attacker with a knowledge of the available commands is able to perform read/write operations on the device's memory, which might result in e.g. bypassing telnet login and obtaining full access to the device.

The weakness was disclosed by Adam Zambrzycki. The advisory is available at zamel.com. This vulnerability is traded as CVE-2024-5633 since 06/04/2024. The exploitability is told to be difficult. Local access is required to approach this attack. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1588.001 by the MITRE ATT&CK project.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Vendor

• Longse Technology

Name

• LBH30FE200W

Support

• end of life

CPE 2.3info

• 🔒

CPE 2.2info

• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion