CVE-2024-46959
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-46959 identifies a vulnerability in the runofast Indoor Security Camera for Baby Monitor, which has a default root account password set to "password." This weak security configuration allows unauthorized access to the video and audio streams via the rtsp:// protocol, posing a high confidentiality risk. The vulnerability requires no privileges or user interaction to exploit and can be accessed through an adjacent network, with a base severity rating of medium (6.5). Remediation involves changing the default password to enhance security and prevent unauthorized access. Organizations using this product should address this issue promptly to mitigate potential privacy breaches.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.