First published: Fri Jun 23 2017(Updated: )
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Vivotek Network Camera Ib8369 Firmware | =ib8369-vvtk-0102a | |
VIVOTEK Network Camera IB8369 | ||
Vivotek Network Camera Fd8164 Firmware | =fd8164-_vvtk-0200b | |
Vivotek Network Camera Fd8164 | ||
Vivotek Network Camera Fd816ba Firmware | =fd816ba-vvtk-010101. | |
Vivotek Network Camera Fd816ba |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.