Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vivotek IB8367A upload_file.cgi getenv command injection
Vulnerability Description
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Affected is the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-273528. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Vivotek IB8367A 命令注入漏洞
Vulnerability Description
Vivotek IB8367A是中国晶睿通讯(Vivotek)公司的一款网络摄像机。 Vivotek IB8367A VVTK-0100b存在命令注入漏洞,该漏洞源于文件upload_file.cgi的参数QUERY_STRING会导致命令注入。
CVSS Information
N/A
Vulnerability Type
N/A