CVE-2018-17558

Exploit

EPSS 2.54%
Published 26.10.2023 22:15:08
Last modified 21.11.2024 03:54:35
Source cve@mitre.org
Teams watchlist Login
Open Login

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Abus ≫ Tvip 10000 Firmware Version-

Abus ≫ Tvip 10000 Version-

Abus ≫ Tvip 10001 Firmware Version-

Abus ≫ Tvip 10001 Version-

Abus ≫ Tvip 10005 Firmware Version-

Abus ≫ Tvip 10005 Version-

Abus ≫ Tvip 10005a Firmware Version-

Abus ≫ Tvip 10005a Version-

Abus ≫ Tvip 10005b Firmware Version-

Abus ≫ Tvip 10005b Version-

Abus ≫ Tvip 10050 Firmware Version-

Abus ≫ Tvip 10050 Version-

Abus ≫ Tvip 10051 Firmware Version-

Abus ≫ Tvip 10051 Version-

Abus ≫ Tvip 10055a Firmware Version-

Abus ≫ Tvip 10055a Version-

Abus ≫ Tvip 10055b Firmware Version-

Abus ≫ Tvip 10055b Version-

Abus ≫ Tvip 10500 Firmware Version-

Abus ≫ Tvip 10500 Version-

Abus ≫ Tvip 10550 Firmware Version-

Abus ≫ Tvip 10550 Version-

Abus ≫ Tvip 11000 Firmware Version-

Abus ≫ Tvip 11000 Version-

Abus ≫ Tvip 11050 Firmware Version-

Abus ≫ Tvip 11050 Version-

Abus ≫ Tvip 11500 Firmware Version-

Abus ≫ Tvip 11500 Version-

Abus ≫ Tvip 11501 Firmware Version-

Abus ≫ Tvip 11501 Version-

Abus ≫ Tvip 11502 Firmware Version-

Abus ≫ Tvip 11502 Version-

Abus ≫ Tvip 11550 Firmware Version-

Abus ≫ Tvip 11550 Version-

Abus ≫ Tvip 11551 Firmware Version-

Abus ≫ Tvip 11551 Version-

Abus ≫ Tvip 11552 Firmware Version-

Abus ≫ Tvip 11552 Version-

Abus ≫ Tvip 20000 Firmware Version-

Abus ≫ Tvip 20000 Version-

Abus ≫ Tvip 20050 Firmware Version-

Abus ≫ Tvip 20050 Version-

Abus ≫ Tvip 20500 Firmware Version-

Abus ≫ Tvip 20500 Version-

Abus ≫ Tvip 20550 Firmware Version-

Abus ≫ Tvip 20550 Version-

Abus ≫ Tvip 21000 Firmware Version-

Abus ≫ Tvip 21000 Version-

Abus ≫ Tvip 21050 Firmware Version-

Abus ≫ Tvip 21050 Version-

Abus ≫ Tvip 21500 Firmware Version-

Abus ≫ Tvip 21500 Version-

Abus ≫ Tvip 21501 Firmware Version-

Abus ≫ Tvip 21501 Version-

Abus ≫ Tvip 21502 Firmware Version-

Abus ≫ Tvip 21502 Version-

Abus ≫ Tvip 21550 Firmware Version-

Abus ≫ Tvip 21550 Version-

Abus ≫ Tvip 21551 Firmware Version-

Abus ≫ Tvip 21551 Version-

Abus ≫ Tvip 21552 Firmware Version-

Abus ≫ Tvip 21552 Version-

Abus ≫ Tvip 22500 Firmware Version-

Abus ≫ Tvip 22500 Version-

Abus ≫ Tvip 31000 Firmware Version-

Abus ≫ Tvip 31000 Version-

Abus ≫ Tvip 31001 Firmware Version-

Abus ≫ Tvip 31001 Version-

Abus ≫ Tvip 31050 Firmware Version-

Abus ≫ Tvip 31050 Version-

Abus ≫ Tvip 31500 Firmware Version-

Abus ≫ Tvip 31500 Version-

Abus ≫ Tvip 31501 Firmware Version-

Abus ≫ Tvip 31501 Version-

Abus ≫ Tvip 31550 Firmware Version-

Abus ≫ Tvip 31550 Version-

Abus ≫ Tvip 31551 Firmware Version-

Abus ≫ Tvip 31551 Version-

Abus ≫ Tvip 32500 Firmware Version-

Abus ≫ Tvip 32500 Version-

Abus ≫ Tvip 51500 Firmware Version-

Abus ≫ Tvip 51500 Version-

Abus ≫ Tvip 51550 Firmware Version-

Abus ≫ Tvip 51550 Version-

Abus ≫ Tvip 71500 Firmware Version-

Abus ≫ Tvip 71500 Version-

Abus ≫ Tvip 71501 Firmware Version-

Abus ≫ Tvip 71501 Version-

Abus ≫ Tvip 71550 Firmware Version-

Abus ≫ Tvip 71550 Version-

Abus ≫ Tvip 71551 Firmware Version-

Abus ≫ Tvip 71551 Version-

Abus ≫ Tvip 72500 Firmware Version-

Abus ≫ Tvip 72500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.54%	0.84

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://sec.maride.cc/posts/abus/

Third Party Advisory

Exploit

https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-17558

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-17558

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-17558

EUVD