Sign-up

ID

VAR-201706-1009


CVE

CVE-2017-9828


TITLE

plural VIVOTEK Network Camera Product Web Service of /cgi-bin/admin/testserver.cgi Vulnerable to shell command insertion

Trust: 0.8

sources: JVNDB: JVNDB-2017-005190

DESCRIPTION

'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter. VIVOTEKNetworkCameras IB8369, FD8164 and FD816BA are all network camera products of China VIVOTEK. A security vulnerability exists in the /cgi-bin/admin/testserver.cgi file for Web services in VIVOTEKNetworkCamerasIB8369, FD8164, and FD816BA

Trust: 2.34

sources: NVD: CVE-2017-9828 // JVNDB: JVNDB-2017-005190 // CNVD: CNVD-2017-12593 // VULHUB: VHN-118031 // VULMON: CVE-2017-9828

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-12593

AFFECTED PRODUCTS

vendor:vivotekmodel:network camera fd816bascope:eqversion:fd816ba-vvtk-010101.

Trust: 1.6

vendor:vivotekmodel:network camera fd8164scope:eqversion:fd8164-_vvtk-0200b

Trust: 1.6

vendor:vivotekmodel:network camera ib8369scope:eqversion:ib8369-vvtk-0102a

Trust: 1.6

vendor:vivotekmodel:network camera fd8164scope: - version: -

Trust: 0.8

vendor:vivotekmodel:network camera fd816bascope: - version: -

Trust: 0.8

vendor:vivotekmodel:network camera ib8369scope: - version: -

Trust: 0.8

vendor:vivotekmodel:ib8369scope: - version: -

Trust: 0.6

vendor:vivotekmodel:fd8164scope: - version: -

Trust: 0.6

vendor:vivotekmodel:fd816bascope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-12593 // JVNDB: JVNDB-2017-005190 // CNNVD: CNNVD-201706-1061 // NVD: CVE-2017-9828

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9828
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-9828
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-12593
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201706-1061
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118031
value: HIGH

Trust: 0.1

VULMON: CVE-2017-9828
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-9828
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-12593
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118031
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-9828
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-12593 // VULHUB: VHN-118031 // VULMON: CVE-2017-9828 // JVNDB: JVNDB-2017-005190 // CNNVD: CNNVD-201706-1061 // NVD: CVE-2017-9828

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-118031 // JVNDB: JVNDB-2017-005190 // NVD: CVE-2017-9828

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-1061

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201706-1061

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-005190

PATCH
title:VIVOTEK Network Camerasurl:http://www.vivotek.com/network-cameras/#type-filter:path=default|resolution-filter:path=default|snv-filter:path=default|wdr-filter:path=default|lens-filter:path=default|ir-filter:path=default|environment-filter:path=default|views:view=jplist-grid-view
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-005190

EXTERNAL IDS
db:NVDid:CVE-2017-9828
Trust: 3.3
db:JVNDBid:JVNDB-2017-005190
Trust: 0.8
db:CNNVDid:CNNVD-201706-1061
Trust: 0.7
db:CNVDid:CNVD-2017-12593
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-118031
Trust: 0.1
db:VULMONid:CVE-2017-9828
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-12593 // 
            
            
            
            VULHUB: VHN-118031 // 
            
            
            
            VULMON: CVE-2017-9828 // 
            
            
            
            JVNDB: JVNDB-2017-005190 // 
            
            
            
            CNNVD: CNNVD-201706-1061 // 
            
            
            
            NVD: CVE-2017-9828

REFERENCES
url:https://blog.cal1.cn/post/an%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras
Trust: 3.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9828
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-9828
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-12593 // 
            
            
            
            VULHUB: VHN-118031 // 
            
            
            
            VULMON: CVE-2017-9828 // 
            
            
            
            JVNDB: JVNDB-2017-005190 // 
            
            
            
            CNNVD: CNNVD-201706-1061 // 
            
            
            
            NVD: CVE-2017-9828

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2017-12593
db:VULHUBid:VHN-118031
db:VULMONid:CVE-2017-9828
db:JVNDBid:JVNDB-2017-005190
db:CNNVDid:CNNVD-201706-1061
db:NVDid:CVE-2017-9828

LAST UPDATE DATE
2025-04-20T20:16:44.603000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-12593date:2017-07-04T00:00:00
db:VULHUBid:VHN-118031date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-9828date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-005190date:2017-07-20T00:00:00
db:CNNVDid:CNNVD-201706-1061date:2019-10-23T00:00:00
db:NVDid:CVE-2017-9828date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-12593date:2017-07-04T00:00:00
db:VULHUBid:VHN-118031date:2017-06-23T00:00:00
db:VULMONid:CVE-2017-9828date:2017-06-23T00:00:00
db:JVNDBid:JVNDB-2017-005190date:2017-07-20T00:00:00
db:CNNVDid:CNNVD-201706-1061date:2017-06-28T00:00:00
db:NVDid:CVE-2017-9828date:2017-06-23T22:29:00.163