Details of VAR-201610-0727

ID

VAR-201610-0727

TITLE

AVTECH DVR has a command injection vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-08737

DESCRIPTION

AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. There is a command injection vulnerability in AVTECHDVR. Since the interface query function does not filter and verify the input parameters, an unauthenticated attacker can exploit the vulnerability to execute arbitrary system commands with root privileges.

Trust: 0.6

sources: CNVD: CNVD-2016-08737

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-08737

AFFECTED PRODUCTS

vendor:

avtech

model:

dvr

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2016-08737

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-08737
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2016-08737
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-08737

EXTERNAL IDS

db:

CNVD

id:

CNVD-2016-08737

Trust: 0.6

sources: CNVD: CNVD-2016-08737

REFERENCES

url:	http://seclists.org/bugtraq/2016/oct/26	Trust: 0.6
url:	http://www.search-lab.hu/advisories/126-avtech-devices-multiple-vulnerabilities	Trust: 0.6

sources: CNVD: CNVD-2016-08737

SOURCES

db:

CNVD

id:

CNVD-2016-08737

LAST UPDATE DATE

2022-05-04T10:04:52.945000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-08737

date:

2016-11-02T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2016-08737

date:

2016-10-13T00:00:00