exploitDog

CVE-2017-18377

Опубликовано: 11 июн. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a set_ftp.cgi?svr=192.168.1.1&port=21&user=ftp URI.

Ссылки

https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#pre-auth-root-rce
Exploit
Third Party Advisory
https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#pre-auth-root-rce
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:goahead:wireless_ip_camera_wificam_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:goahead:wireless_ip_camera_wificam:-:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03175

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-jw73-g5p2-f7qc

github

больше 3 лет назад

An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a set_ftp.cgi?svr=192.168.1.1&port=21&user=ftp URI.

EPSS

Процентиль: 87%

0.03175

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-77