Details of VAR-201803-2355

ID

VAR-201803-2355

TITLE

AVTECH Multiple Products Remote Command Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-04480

DESCRIPTION

AVTECH is a Taiwanese video surveillance equipment manufacturer. The main products are monitoring equipment, network cameras, network video recorders and so on. A remote command execution vulnerability exists in AVTECHDVR/NVR/IPC devices. An attacker can exploit the vulnerability remote command to successfully acquire the shell.

Trust: 0.6

sources: CNVD: CNVD-2018-04480

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-04480

AFFECTED PRODUCTS

vendor:	avtech	model:	dvr	scope:	-	version:	-	Trust: 0.6
vendor:	avtech	model:	nvr	scope:	-	version:	-	Trust: 0.6
vendor:	avtech	model:	ipc	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-04480

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-04480
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2018-04480
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-04480

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-04480

Trust: 0.6

sources: CNVD: CNVD-2018-04480

REFERENCES

url:

https://github.com/mcw0/poc/blob/master/avtech-rce.py

Trust: 0.6

sources: CNVD: CNVD-2018-04480

SOURCES

db:

CNVD

id:

CNVD-2018-04480

LAST UPDATE DATE

2022-05-04T09:51:12.472000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-04480

date:

2018-03-07T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-04480

date:

2018-03-07T00:00:00