Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-6973Gsoap vulnerability

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
12.5%
top 6.04%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Genivia Gsoap
Timeline
PublishedMar 21
Latest updateMay 13

Description

Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDgenivia/gsoap2.8.0

🔴Vulnerability Details

2
GHSA
GHSA-2987-2gpf-qmqg: Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 22022-05-13
CVEList
CVE-2019-6973: Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 22019-03-17

💥Exploits & PoCs

1
Exploit-DB
Sricam gSOAP 2.8 - Denial of Service2019-01-28
CVE-2019-6973 — Genivia Gsoap vulnerability | cvebase