Описание
The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.
The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-30166
- https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e
- https://www.chtsecurity.com/news/0b733a38-e616-4ff3-86a6-13e710643388
- https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf
- https://www.twcert.org.tw/tw/cp-132-4676-391a5-1.html
Связанные уязвимости
CVSS3: 7.2
nvd
почти 5 лет назад
The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission.