9.8

CVE-2018-17879

Exploit

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AbusTvip 10000 Firmware Version-
   AbusTvip 10000 Version-
AbusTvip 10001 Firmware Version-
   AbusTvip 10001 Version-
AbusTvip 10005 Firmware Version-
   AbusTvip 10005 Version-
AbusTvip 10005a Firmware Version-
   AbusTvip 10005a Version-
AbusTvip 10005b Firmware Version-
   AbusTvip 10005b Version-
AbusTvip 10050 Firmware Version-
   AbusTvip 10050 Version-
AbusTvip 10051 Firmware Version-
   AbusTvip 10051 Version-
AbusTvip 10055a Firmware Version-
   AbusTvip 10055a Version-
AbusTvip 10055b Firmware Version-
   AbusTvip 10055b Version-
AbusTvip 10500 Firmware Version-
   AbusTvip 10500 Version-
AbusTvip 10550 Firmware Version-
   AbusTvip 10550 Version-
AbusTvip 11000 Firmware Version-
   AbusTvip 11000 Version-
AbusTvip 11050 Firmware Version-
   AbusTvip 11050 Version-
AbusTvip 11500 Firmware Version-
   AbusTvip 11500 Version-
AbusTvip 11501 Firmware Version-
   AbusTvip 11501 Version-
AbusTvip 11502 Firmware Version-
   AbusTvip 11502 Version-
AbusTvip 11550 Firmware Version-
   AbusTvip 11550 Version-
AbusTvip 11551 Firmware Version-
   AbusTvip 11551 Version-
AbusTvip 11552 Firmware Version-
   AbusTvip 11552 Version-
AbusTvip 20000 Firmware Version-
   AbusTvip 20000 Version-
AbusTvip 20050 Firmware Version-
   AbusTvip 20050 Version-
AbusTvip 20500 Firmware Version-
   AbusTvip 20500 Version-
AbusTvip 20550 Firmware Version-
   AbusTvip 20550 Version-
AbusTvip 21000 Firmware Version-
   AbusTvip 21000 Version-
AbusTvip 21050 Firmware Version-
   AbusTvip 21050 Version-
AbusTvip 21500 Firmware Version-
   AbusTvip 21500 Version-
AbusTvip 21501 Firmware Version-
   AbusTvip 21501 Version-
AbusTvip 21502 Firmware Version-
   AbusTvip 21502 Version-
AbusTvip 21550 Firmware Version-
   AbusTvip 21550 Version-
AbusTvip 21551 Firmware Version-
   AbusTvip 21551 Version-
AbusTvip 21552 Firmware Version-
   AbusTvip 21552 Version-
AbusTvip 22500 Firmware Version-
   AbusTvip 22500 Version-
AbusTvip 31000 Firmware Version-
   AbusTvip 31000 Version-
AbusTvip 31001 Firmware Version-
   AbusTvip 31001 Version-
AbusTvip 31050 Firmware Version-
   AbusTvip 31050 Version-
AbusTvip 31500 Firmware Version-
   AbusTvip 31500 Version-
AbusTvip 31501 Firmware Version-
   AbusTvip 31501 Version-
AbusTvip 31550 Firmware Version-
   AbusTvip 31550 Version-
AbusTvip 31551 Firmware Version-
   AbusTvip 31551 Version-
AbusTvip 32500 Firmware Version-
   AbusTvip 32500 Version-
AbusTvip 51500 Firmware Version-
   AbusTvip 51500 Version-
AbusTvip 51550 Firmware Version-
   AbusTvip 51550 Version-
AbusTvip 71500 Firmware Version-
   AbusTvip 71500 Version-
AbusTvip 71501 Firmware Version-
   AbusTvip 71501 Version-
AbusTvip 71550 Firmware Version-
   AbusTvip 71550 Version-
AbusTvip 71551 Firmware Version-
   AbusTvip 71551 Version-
AbusTvip 72500 Firmware Version-
   AbusTvip 72500 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.14% 0.826
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.