Summary
Detail | |||
---|---|---|---|
Vendor | Abus | First view | 2023-10-26 |
Product | Tvip 72500 Firmware | Last view | 2023-10-26 |
Version | Type | Os | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:* | 5 |
Related : CVE
Date | Alert | Description | |
---|---|---|---|
9.8 | 2023-10-26 | CVE-2018-17879 | An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts. |
9.8 | 2023-10-26 | CVE-2018-17878 | Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function. |
7.5 | 2023-10-26 | CVE-2018-17559 | Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras. |
9.8 | 2023-10-26 | CVE-2018-17558 | Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root. |
8.8 | 2023-10-26 | CVE-2018-16739 | An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
20% (1) | CWE-798 | Use of Hard-coded Credentials |
20% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
20% (1) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
20% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
20% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |