exploitDog

CVE-2018-18004

Опубликовано: 03 янв. 2019

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter.

Ссылки

http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf
Vendor Advisory
https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244
Exploit
Third Party Advisory
http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf
Vendor Advisory
https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:h:vivotek:camera:-:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00228

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-j848-g53r-g2rf

CVSS3: 5.3

github

больше 3 лет назад

Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter.

EPSS

Процентиль: 45%

0.00228

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-862