ID

VAR-201801-1820


TITLE

Command execution vulnerability exists in Pelco Sarix Pro network camera set_param program

Trust: 0.6

sources: CNVD: CNVD-2017-36495

DESCRIPTION

Pelco Sarix Professional is a video camera. A command execution vulnerability exists in the set_param program of the Pelco Sarix Pro network camera. The program does not perform security checks on the parameters submitted by the user, allowing an attacker to execute arbitrary system commands as root using shell metacharacters and thereby take complete control of the camera.

Trust: 0.6

sources: CNVD: CNVD-2017-36495

IOT TAXONOMY

category: ['ICS', 'Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-36495

AFFECTED PRODUCTS

vendor: schneider
model: electric sarix professional model: imp
scope: eq
version: -1110-103.29.65

Trust: 0.6

sources: CNVD: CNVD-2017-36495

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-36495
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2017-36495
severity: MEDIUM
baseScore: 6.5
vectorString: AV:A/AC:H/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-36495

PATCH

title: Schneider Pergo Sarix Pro webcam set_param program system.opkg.remove command execution vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/107501

Trust: 0.6

sources: CNVD: CNVD-2017-36495

EXTERNAL IDS

db: CNVD
id: CNVD-2017-36495

Trust: 0.6

sources: CNVD: CNVD-2017-36495

SOURCES

db: CNVD
id: CNVD-2017-36495

LAST UPDATE DATE

2022-05-04T09:11:02.550000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2017-36495
date: 2017-12-07T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2017-36495
date: 2018-01-08T00:00:00