MidnightBSD

Advisories for guardzilla

CVE-2018-18600 HIGH

The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
guardzilla 180_outdoor_firmware -
guardzilla 180_indoor_firmware -
CVE-2018-18601 MEDIUM

The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
guardzilla gz621w_firmware 0.5.1.4
CVE-2018-18602 MEDIUM

The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,CWE-330,

Products Affected

Vendor Product Version
guardzilla 360_outdoor_firmware -
guardzilla 180_outdoor_firmware -
guardzilla outdoor_hd_camera_firmware -
guardzilla 180_indoor_firmware -
guardzilla indoor_hd_camera_firmware -
guardzilla 360_indoor_firmware -
CVE-2018-5560 MEDIUM

A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
guardzilla gz521w_firmware *