CVE-2019-15498

Опубликовано: 23 авг. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 9.3

EPSS Низкий

Описание

cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.

Ссылки

https://distributedcompute.com/2019/08/22/vera-edge-home-controller-remote-shell-via-unauthenticated-command-injection/
Exploit
Third Party Advisory
https://distributedcompute.com/2019/08/22/vera-edge-home-controller-remote-shell-via-unauthenticated-command-injection/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:getvera:vera_edge_firmware:1.7.4452:*:*:*:*:*:*:*

cpe:2.3:h:getvera:vera_edge:-:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01512

Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-88

Связанные уязвимости

GHSA-v5m2-rjh8-pc69