Описание
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance
Ссылки
- ExploitThird Party Advisory
- https://www.vdalabs.com/2018/08/06/professional-iot-hacking-series-hunting-remote-command-injection/ExploitThird Party Advisory
- ExploitThird Party Advisory
- https://www.vdalabs.com/2018/08/06/professional-iot-hacking-series-hunting-remote-command-injection/ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:vivotek:fd8136_firmware:0301a:*:*:*:*:*:*:*
cpe:2.3:h:vivotek:fd8136:-:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.18805
Средний
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494.
EPSS
Процентиль: 95%
0.18805
Средний
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78