This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Abus First view 2023-10-26
Product Tvip 31551 Firmware Last view 2023-10-26
Version - Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:abus:tvip_31551_firmware

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2023-10-26 CVE-2018-17879

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.
9.8 2023-10-26 CVE-2018-17878

Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.
7.5 2023-10-26 CVE-2018-17559

Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.
9.8 2023-10-26 CVE-2018-17558

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.
8.8 2023-10-26 CVE-2018-16739

An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.

CWE : Common Weakness Enumeration

%idName
20% (1) CWE-798 Use of Hard-coded Credentials
20% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
20% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
20% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
20% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...