Details of VAR-202101-1995

ID

VAR-202101-1995

TITLE

Command execution vulnerability exists in iray infrared camera AM310420

Trust: 0.6

sources: CNVD: CNVD-2020-69456

DESCRIPTION

Arrow Optoelectronics focuses on the R&D and manufacturing of infrared imaging technology and products, with completely independent intellectual property rights, and is committed to providing professional and competitive infrared thermal imaging products and industry solutions to global customers. The iray infrared camera AM310420 has a command execution vulnerability. Attackers can use this vulnerability to execute system commands and gain control of the server.

Trust: 0.6

sources: CNVD: CNVD-2020-69456

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-69456

AFFECTED PRODUCTS

vendor:

arrow optoelectronics

model:

iray infrared camera am310420

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2020-69456

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-69456
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2020-69456
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-69456

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-69456

Trust: 0.6

sources: CNVD: CNVD-2020-69456

SOURCES

db:

CNVD

id:

CNVD-2020-69456

LAST UPDATE DATE

2022-05-04T09:02:18.169000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-69456

date:

2020-12-08T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-69456

date:

2021-01-02T00:00:00