Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vivotek SD9364 upload_file.cgi getenv command injection
Vulnerability Description
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-273527. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Vivotek SD9364 命令注入漏洞
Vulnerability Description
Vivotek SD9364是中国晶睿通讯(Vivotek)公司的一款高速摄像机。 Vivotek SD9364 VVTK-0103f版本存在命令注入漏洞,该漏洞源于文件upload_file.cgi的参数QUERY_STRING会导致命令注入。
CVSS Information
N/A
Vulnerability Type
N/A