ID
VAR-202111-1531
CVE
CVE-2020-7879
TITLE
ipTIME C200 IP in camera OS Command injection vulnerability
Trust: 0.8
DESCRIPTION
This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command. ipTIME C200 IP The camera has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.62
IOT TAXONOMY
| category: | ['camera device'] | sub_category: | IP camera | Trust: 0.1 |
AFFECTED PRODUCTS
| vendor: | iptime | model: | c200 | scope: | lte | version: | 1.0.16 | Trust: 1.0 |
| vendor: | iptime | model: | c200 | scope: | eq | version: | c200 firmware | Trust: 0.8 |
| vendor: | iptime | model: | c200 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | iptime | model: | c200 | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-78 | Trust: 1.0 |
| problemtype: | OS Command injection (CWE-78) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
operating system commend injection
Trust: 0.6
PATCH
| title: | Top Page | url: | https://iptime.com/iptime/ | Trust: 0.8 |
| title: | EFM ipTIME C200 IP Camera Fixes for operating system command injection vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173818 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-7879 | Trust: 3.3 |
| db: | JVNDB | id: | JVNDB-2021-015719 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202111-2372 | Trust: 0.6 |
| db: | OTHER | id: | NONE | Trust: 0.1 |
REFERENCES
| url: | https://www.boho.or.kr/krcert/secnoticeview.do?bulletin_writing_sequence=36365 | Trust: 2.4 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-7879 | Trust: 1.4 |
| url: | https://ieeexplore.ieee.org/abstract/document/10769424 | Trust: 0.1 |
SOURCES
| db: | OTHER | id: | - |
| db: | JVNDB | id: | JVNDB-2021-015719 |
| db: | CNNVD | id: | CNNVD-202111-2372 |
| db: | NVD | id: | CVE-2020-7879 |
LAST UPDATE DATE
2025-01-30T22:30:28.367000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2021-015719 | date: | 2022-11-29T08:00:00 |
| db: | CNNVD | id: | CNNVD-202111-2372 | date: | 2021-12-10T00:00:00 |
| db: | NVD | id: | CVE-2020-7879 | date: | 2021-12-01T20:13:30.840 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2021-015719 | date: | 2022-11-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-202111-2372 | date: | 2021-11-30T00:00:00 |
| db: | NVD | id: | CVE-2020-7879 | date: | 2021-11-30T19:15:08.030 |