ID

VAR-201703-1392


TITLE

Samsung Smartcam Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-00815

DESCRIPTION

Samsung SmartCam is a cloud-based security surveillance camera. The SmartCam SNH-1011 contains a command injection vulnerability in a PHP script belonging to iWatch (a webcam monitoring service). The script lets users update iWatch by uploading a file, but it does not effectively validate the uploaded file name. An attacker can exploit the vulnerability to inject shell commands and execute code remotely with root privileges.

Trust: 0.6

sources: CNVD: CNVD-2017-00815

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-00815

AFFECTED PRODUCTS

vendor: samsung model: smartcam scope: - version: -

Trust: 0.6

vendor: samsung model: smartcam snh-1011 scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-00815

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-00815
value: HIGH

Trust: 0.6

CNVD: CNVD-2017-00815
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-00815

EXTERNAL IDS

db: CNVD id: CNVD-2017-00815

Trust: 0.6

sources: CNVD: CNVD-2017-00815

REFERENCES

url: http://www.freebuf.com/vuls/125448.html

Trust: 0.6

sources: CNVD: CNVD-2017-00815

SOURCES

db: CNVD id: CNVD-2017-00815

LAST UPDATE DATE

2022-05-04T09:04:42.354000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2017-00815 date: 2017-01-26T00:00:00

SOURCES RELEASE DATE

db: CNVD id: CNVD-2017-00815 date: 2017-03-10T00:00:00