Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ipTIME C200 IP Camera command injection vulnerability
Vulnerability Description
This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
EFM ipTIME C200 IP Camera 操作系统命令注入漏洞
Vulnerability Description
EFM ipTIME C200 IP Camera是韩国EFM公司的一个硬件设备。提供了一个用于监控的摄像头设备。 EFM ipTIME C200 IP Camera 存在操作系统命令注入漏洞,该漏洞源于当ipTIME C200 IP Camera与ipTIME NAS同步时,ipTIME NAS需要为ipTIME IP camera提取值,因为ipTIME NAS发送一个setCookie([COOKIE])。该值被传输到wget二进制文件中的——header选项,但是针对该值并没有验证检查。此漏洞允许
CVSS Information
N/A
Vulnerability Type
N/A