The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| guardzilla | 180_outdoor_firmware | - |
| guardzilla | 180_indoor_firmware | - |
The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| guardzilla | gz621w_firmware | 0.5.1.4 |
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-330,CWE-330,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| guardzilla | 360_outdoor_firmware | - |
| guardzilla | 180_outdoor_firmware | - |
| guardzilla | outdoor_hd_camera_firmware | - |
| guardzilla | 180_indoor_firmware | - |
| guardzilla | indoor_hd_camera_firmware | - |
| guardzilla | 360_indoor_firmware | - |
A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| guardzilla | gz521w_firmware | * |