
Security Advisory

CVE-2021-26627 | EDrhyme QCP 200W Information Exposure Vulnerability
2022.04.19
□ Overview
 o EDrhyme Co.,Ltd released a security update to address an Information Exposure vulnerability in the QCP 200W (IP camera).
Vulnerability
| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| Improper Access Control | exposure of real-time image information | High | 7.5 | CVE-2021-26627 |

□ Description
 o Real-time image information is exposed because of insufficient authentication on the activated RTSP port.
 o This vulnerability could allow remote attackers to send RTSP requests using the ffplay command, leading to leakage of the live image.

□ Affected Product
Affected Product
| Product | Version | Platform |
|---|---|---|
| QCP 200W | No version information | Windows, Android |

□ Solution
 o To address this vulnerability, EDrhyme Co., Ltd automatically deploys application updates that include default RTSP port blocking and app account security enhancements.

□ Reference
 [1] http://www.qcp.co.kr/product_detail.php?model=qcp200w

□ Etc
 o Thanks to Jo Hyungeun for reporting this vulnerability.


□ Written by: Incident Analysis Division, Vulnerability Analysis Team