Описание
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware
Ссылки
- Third Party Advisory
- https://www.vdalabs.com/2018/08/06/professional-iot-hacking-series-hunting-remote-command-injection/Third Party Advisory
- Third Party Advisory
- https://www.vdalabs.com/2018/08/06/professional-iot-hacking-series-hunting-remote-command-injection/Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:vivotek:fd8136_firmware:0301a:*:*:*:*:*:*:*
cpe:2.3:h:vivotek:fd8136:-:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.0896
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget.
EPSS
Процентиль: 92%
0.0896
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78