Details of VAR-202107-1707

ID

VAR-202107-1707

TITLE

Visual Tools DVR has an unauthorized command execution vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-50119

DESCRIPTION

Visual Tools is a brand of AX Solutions. AX Solutions is a company with high-tech features and unique video solutions. It is well-known for its innovative capabilities, product quality and service mission. Visual Tools DVR has an unauthorized command execution vulnerability. Attackers can use this vulnerability to escalate apache privileges to root. Combined with the vulnerability, they can execute arbitrary commands on the target device with root privileges.

Trust: 0.6

sources: CNVD: CNVD-2021-50119

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-50119

AFFECTED PRODUCTS

vendor:

model:

solutions visual tools dvr

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2021-50119

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-50119
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2021-50119
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-50119

EXTERNAL IDS

db:

CNVD

id:

CNVD-2021-50119

Trust: 0.6

sources: CNVD: CNVD-2021-50119

SOURCES

db:

CNVD

id:

CNVD-2021-50119

LAST UPDATE DATE

2022-05-04T10:25:20.029000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2021-50119

date:

2021-07-13T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2021-50119

date:

2021-07-07T00:00:00