Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vivotek CC8160 upload_file.cgi getenv command injection
Vulnerability Description
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to initiate the attack remotely. The identifier VDB-273525 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Vivotek CC8160 安全漏洞
Vulnerability Description
Vivotek CC8160是中国晶睿通讯(Vivotek)公司的一款 2MP 高度条带网络摄像机。 Vivotek CC8160 VVTK-0100d版本存在安全漏洞,该漏洞源于文件upload_file. cgi的参数QUERY_STRING会导致命令注入。
CVSS Information
N/A
Vulnerability Type
N/A