ID

VAR-201801-1834


TITLE

Command execution vulnerability in set_param program of Pelco Sarix Pro network camera (CNVD-2017-36490)

Trust: 0.6

sources: CNVD: CNVD-2017-36490

DESCRIPTION

Pelco Sarix Professional is a video camera. A command execution vulnerability exists in the set_param program of the Pelco Sarix Pro network camera. The program fails to perform security checks on parameters submitted by the user, which allows attackers to use shell metacharacters to execute arbitrary system commands as root and take complete control of the camera.

Trust: 0.6

sources: CNVD: CNVD-2017-36490

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-36490

AFFECTED PRODUCTS

vendor: schneider
model: electric sarix professional model: imp
scope: eq
version: -1110-103.29.65

Trust: 0.6

sources: CNVD: CNVD-2017-36490

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-36490
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2017-36490
severity: MEDIUM
baseScore: 6.5
vectorString: AV:A/AC:H/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-36490

PATCH

title: Pergo Sarix Pro webcam set_param program system.download.sd_file has a command execution vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/107093

Trust: 0.6

sources: CNVD: CNVD-2017-36490

EXTERNAL IDS

db: CNVD
id: CNVD-2017-36490

Trust: 0.6

sources: CNVD: CNVD-2017-36490

SOURCES

db: CNVD
id: CNVD-2017-36490

LAST UPDATE DATE

2022-05-04T10:00:50.763000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2017-36490
date: 2017-12-07T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2017-36490
date: 2018-01-08T00:00:00