Main Vulnerability Database Vulnerabilities #VU13269

#VU13269 OS command injection in IP Video Camera Firmware - CVE-2018-6831

Published: June 12, 2018

Vulnerability identifier: #VU13269

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-6831

CWE-ID: CWE-78

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
IP Video Camera Firmware

Software vendor:
Foscam

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to a flaw in the FastCGI API when handling malicious input. A remote unauthenticated attacker can send a specially crafted request to inject and execute arbitrary shell commands with root privileges

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/

#VU13269 OS command injection in IP Video Camera Firmware - CVE-2018-6831

Description

Remediation

External links

Please verify you're human