Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dahua EIMS capture_handle.action RCE
Vulnerability Description
A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without sanitization or authentication. By sending crafted HTTP requests, attackers can inject OS-level commands that are executed on the server, leading to full system compromise. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-04-06 UTC.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Dahua EIMS 安全漏洞
Vulnerability Description
Dahua EIMS是中国大华(Dahua)公司的一个企业信息管理系统。 Dahua EIMS 2240008之前版本存在安全漏洞,该漏洞源于输入验证不足,可能导致命令注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A