CVE-2017-9828: OS Command Injection
First published: Fri Jun 23 2017(Updated: )
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vivotek Network Camera Ib8369 Firmware | =ib8369-vvtk-0102a | |
| VIVOTEK Network Camera IB8369 | ||
| Vivotek Network Camera Fd8164 Firmware | =fd8164-_vvtk-0200b | |
| Vivotek Network Camera Fd8164 | ||
| Vivotek Network Camera Fd816ba Firmware | =fd816ba-vvtk-010101. | |
| Vivotek Network Camera Fd816ba |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/vivotek
- canonical/vivotek network camera ib8369 firmware
- version/vivotek network camera ib8369 firmware/ib8369-vvtk-0102a
- canonical/vivotek network camera ib8369
- canonical/vivotek network camera fd8164 firmware
- version/vivotek network camera fd8164 firmware/fd8164-_vvtk-0200b
- canonical/vivotek network camera fd8164
- canonical/vivotek network camera fd816ba firmware
- version/vivotek network camera fd816ba firmware/fd816ba-vvtk-010101.
- canonical/vivotek network camera fd816ba