Описание
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:axis:network_camera_firmware:-:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:axis:cannon_network_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:explosion-protected_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fixed_box_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fixed_bullet_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fixed_dome_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:modular_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:onboard_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:panoramic_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:ptz_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:thermal_camera:-:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.19127
Средний
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
EPSS
Процентиль: 95%
0.19127
Средний
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-77