Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Beward N100 IP Camera Remote Command Execution
Vulnerability Description
An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which are unsafely embedded into backend system calls without proper input sanitization. Successful exploitation results in remote code execution with root privileges. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-02 UTC.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Beward N100 IP Camera 安全漏洞
Vulnerability Description
Beward N100 IP Camera是俄罗斯Beward开源的一款摄像头。 Beward N100 IP Camera M2.1.6.04C014版本存在安全漏洞,该漏洞源于对servetest CGI页面中参数ServerName和TimeZone的错误操作,导致命令注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A