Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution
Vulnerability Description
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
AVTECH IP camera、AVTECH DVR和AVTECH NVR 安全漏洞
Vulnerability Description
AVTECH IP camera等都是美国AVTECH公司的产品。AVTECH IP camera是一系列网络安全摄像头。AVTECH DVR是一款数位录影主机。AVTECH NVR是一款网络录像机。 AVTECH IP camera、AVTECH DVR和AVTECH NVR存在安全漏洞,该漏洞源于adcommand.cgi端点未清理输入导致OS命令注入。
CVSS Information
N/A
Vulnerability Type
N/A