ID
VAR-201610-0711
TITLE
AVTECH device PwdGrp.cgi exists verification command injection vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2016-08743
DESCRIPTION
AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. The AVTECH device PwdGrp.cgi has a verification command injection vulnerability. The PwdGrp.cgi script can modify the username, password, and group parameters with unauthenticated or processed system commands to create new or modify users. An attacker exploits a vulnerability to execute arbitrary system commands with root privileges.
Trust: 0.6
sources:
CNVD: CNVD-2016-08743
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08743
AFFECTED PRODUCTS
| vendor: | avtech | model: | dvr | scope: | - | version: | - | Trust: 0.6 |
| vendor: | avtech | model: | nvr | scope: | - | version: | - | Trust: 0.6 |
| vendor: | avtech | model: | ip camera | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08743
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2016-08743
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2016-08743 | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08743
REFERENCES
| url: | http://seclists.org/bugtraq/2016/oct/26 | Trust: 0.6 |
| url: | http://www.search-lab.hu/advisories/126-avtech-devices-multiple-vulnerabilities | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08743
SOURCES
| db: | CNVD | id: | CNVD-2016-08743 |
LAST UPDATE DATE
2022-05-04T09:43:54.311000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-08743 | date: | 2016-11-02T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-08743 | date: | 2016-10-13T00:00:00 |