CVE-2020-23826

Опубликовано: 26 янв. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176

Ссылки

https://firedome.io/blog/firedome-discloses-0-day-vulnerabilities-in-yale-ip-cameras/
Third Party Advisory
https://lp.firedome.io/hubfs/Yale%20WIPC-301W%20RCE%20Vulnerability%20Report%205-6.pdf
Exploit
Third Party Advisory
https://whiterosezex.blogspot.com/2021/01/cve-2020-23826-rce-vulnerability-in.html
Third Party Advisory
https://firedome.io/blog/firedome-discloses-0-day-vulnerabilities-in-yale-ip-cameras/
Third Party Advisory
https://lp.firedome.io/hubfs/Yale%20WIPC-301W%20RCE%20Vulnerability%20Report%205-6.pdf
Exploit
Third Party Advisory
https://whiterosezex.blogspot.com/2021/01/cve-2020-23826-rce-vulnerability-in.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:assaabloy:yale_wipc-303w_firmware:*:*:*:*:*:*:*:*

Версия от 2.21 (включая) до 2.31 (включая)

cpe:2.3:h:assaabloy:yale_wipc-303w:-:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.11128

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-78jh-xp49-wr6h