漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution
Vulnerability Description
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
AVTECH IP camera、AVTECH DVR和AVTECH NVR 安全漏洞
Vulnerability Description
AVTECH IP camera等都是美国AVTECH公司的产品。AVTECH IP camera是一系列网络安全摄像头。AVTECH DVR是一款数位录影主机。AVTECH NVR是一款网络录像机。 AVTECH IP camera、AVTECH DVR和AVTECH NVR存在安全漏洞,该漏洞源于adcommand.cgi端点未清理输入导致OS命令注入。
CVSS Information
N/A
Vulnerability Type
N/A