ID
VAR-201610-0732
TITLE
AVTECH device CloudSetup.cgi exists verification command injection vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2016-08741
DESCRIPTION
AVTECH, founded in 1996, is one of the world's leading manufacturers of CCTV. The main products are monitoring equipment, network cameras, network video recorders and so on. The AVTECH device CloudSetup.cgi has a verification command injection vulnerability. The exefile parameter requested by CloudSetup.cgi executes the specified system command. Since the exefile parameter is not verified or whitelisted, the attacker can exploit the vulnerability to execute any command of the system with root privileges.
Trust: 0.6
sources:
CNVD: CNVD-2016-08741
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08741
AFFECTED PRODUCTS
| vendor: | avtech | model: | dvr | scope: | - | version: | - | Trust: 0.6 |
| vendor: | avtech | model: | nvr | scope: | - | version: | - | Trust: 0.6 |
| vendor: | avtech | model: | ip camera | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08741
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2016-08741
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2016-08741 | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08741
REFERENCES
| url: | http://seclists.org/bugtraq/2016/oct/26 | Trust: 0.6 |
| url: | http://www.search-lab.hu/advisories/126-avtech-devices-multiple-vulnerabilities | Trust: 0.6 |
sources:
CNVD: CNVD-2016-08741
SOURCES
| db: | CNVD | id: | CNVD-2016-08741 |
LAST UPDATE DATE
2022-05-04T09:43:54.299000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-08741 | date: | 2016-10-13T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-08741 | date: | 2016-10-12T00:00:00 |