CVE-2019-12289

Опубликовано: 23 мая 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~~123 and 200V (C38S) CH-sys-48.53.203.119~~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command.

Ссылки

http://f1security.co.kr/cve/cve_190314.htm
Broken Link
http://f1security.co.kr/cve/cve_190314.htm
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:vstracam:c7824wip_firmware:ch-sys-48.53.75.119\~123:*:*:*:*:*:*:*

cpe:2.3:h:vstracam:c7824wip:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:vstracam:c38s_firmware:ch-sys-48.53.203.119\~123:*:*:*:*:*:*:*

cpe:2.3:h:vstracam:c38s:-:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.0059

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-6fr7-gr3j-v556

github

больше 3 лет назад

An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command.