ID

VAR-201801-1849


TITLE

Pelco Sarix Pro Network Camera ssldownload.cgi Program Has Arbitrary File Download Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-36491

DESCRIPTION

Pelco Sarix Professional is a video camera. There is an arbitrary file download vulnerability in the ssldownload.cgi program of the Pelco Sarix Pro network camera. The program fails to properly check the path and name of the requested file, which allows an attacker to download arbitrary files from the system.

Trust: 0.6

sources: CNVD: CNVD-2017-36491

IOT TAXONOMY

category: ['ICS', 'Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-36491

AFFECTED PRODUCTS

vendor: schneider
model: electric sarix professional model: imp
scope: eq
version: -1110-103.29.65

Trust: 0.6

sources: CNVD: CNVD-2017-36491

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-36491
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2017-36491
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-36491

PATCH

title: Schneider Pelco Sarix Pro webcam ssldownload.cgi has an arbitrary file download vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/107089

Trust: 0.6

sources: CNVD: CNVD-2017-36491

EXTERNAL IDS

db: CNVD
id: CNVD-2017-36491

Trust: 0.6

sources: CNVD: CNVD-2017-36491

SOURCES

db: CNVD
id: CNVD-2017-36491

LAST UPDATE DATE

2022-05-04T10:08:30.749000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2017-36491
date: 2017-12-07T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2017-36491
date: 2018-01-08T00:00:00