9.1
CVE-2018-3937
- EPSS 5.46%
- Veröffentlicht 14.08.2018 19:29:01
- Zuletzt bearbeitet 21.11.2024 04:06:20
- Quelle talos-cna@cisco.com
- CVE-Watchlists
- Unerledigt
LoginAn exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sony ≫ Snc-eb600 Firmware Version1.87.00
Sony ≫ Snc-eb630 Firmware Version1.87.00
Sony ≫ Snc-eb600b Firmware Version1.87.00
Sony ≫ Snc-eb630b Firmware Version1.87.00
Sony ≫ Snc-eb602r Firmware Version1.87.00
Sony ≫ Snc-eb632r Firmware Version1.87.00
Sony ≫ Snc-em600 Firmware Version1.87.00
Sony ≫ Snc-em601 Firmware Version1.87.00
Sony ≫ Snc-em630 Firmware Version1.87.00
Sony ≫ Snc-em631 Firmware Version1.87.00
Sony ≫ Snc-em602r Firmware Version1.87.00
Sony ≫ Snc-em632r Firmware Version1.87.00
Sony ≫ Snc-em602rc Firmware Version1.87.00
Sony ≫ Snc-em632rc Firmware Version1.87.00
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.46% | 0.898 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| talos-cna@cisco.com | 9.1 | 2.3 | 6 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.