ID

VAR-201710-1447


TITLE

Vacron NVR Device Remote Command Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-29245

DESCRIPTION

Vacron is mainly engaged in the production of various types of mobile monitoring, CCTV monitoring systems, IP remote image monitoring systems and other related products, and can accept customized orders such as ODM and OEM. The main products: driving recorder, CCTV analog monitoring system, CMS, IPCAM and so on. A remote command execution vulnerability exists in the VacronNVR device. An attacker can exploit a vulnerability to execute arbitrary commands.

Trust: 0.6

sources: CNVD: CNVD-2017-29245

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-29245

AFFECTED PRODUCTS

vendor:vacronmodel:nvrscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-29245

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-29245
value: HIGH

Trust: 0.6

CNVD: CNVD-2017-29245
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-29245

EXTERNAL IDS

db:CNVDid:CNVD-2017-29245

Trust: 0.6

sources: CNVD: CNVD-2017-29245

REFERENCES

url:https://blogs.securiteam.com/index.php/archives/3445

Trust: 0.6

sources: CNVD: CNVD-2017-29245

SOURCES

db:CNVDid:CNVD-2017-29245

LAST UPDATE DATE

2022-05-04T09:04:22.925000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-29245date:2017-10-10T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-29245date:2017-10-10T00:00:00