Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2017-17106

🗓️ 18 Dec 2017 17:00:00Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 256 Views🌐 WEB

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web request

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today		Zivif PR115-204-P-RS 2.3.4.2103 Bypass / Command Injection / Hardcoded Password Vulnerabilities
14 Dec 201700:00
zdt
0day.today		Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution Exploit
16 Jun 202000:00
zdt
ATTACKERKB		CVE-2017-17106
19 Dec 201700:00
attackerkb
BDU FSTEC		The vulnerability of the Zivif PR115-204-P-RS webcam’s microprogramming software, related to errors in managing registration data, allows a hacker to obtain user login credentials.
1 Feb 201800:00
bdu_fstec
Circl		CVE-2017-17106
26 Nov 202415:14
circl
CNVD		Zivif PR115-204-P-RS Security Bypass Vulnerability
2 Jan 201800:00
cnvd
Check Point Advisories		Zivif Webcams Information Disclosure (CVE-2017-17106)
1 Jul 202000:00
checkpoint_advisories
Cvelist		CVE-2017-17106
18 Dec 201717:00
cvelist
Microsoft Malware Protection		Microsoft research uncovers new Zerobot capabilities
21 Dec 202220:00
mmpc
Microsoft Secure		Microsoft research uncovers new Zerobot capabilities
21 Dec 202220:00
mssecure
Rows per page
NVD
Node
zivifpr115-204-p-rs_firmwareMatch2.3.4.2103
AND
zivifpr115-204-p-rsMatch-
ParameterPositionPathDescriptionCWE
cmdquery paramweb/cgi-bin/hi3510/param.cgi?cmd=getuserUnauthenticated access to CGI parameter data via getuser can bypass authentication.CWE-522
cmdquery paramcgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot)Unauthenticated remote command execution using iptest.cgi with injected -url parameter.CWE-522
-timequery paramcgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot)Unauthenticated remote command execution using iptest.cgi with injected -url parameter.CWE-522
-urlquery paramcgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot)Unauthenticated remote command execution using iptest.cgi with injected -url parameter.CWE-522

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 01:10Current
9.4High risk
Vulners AI Score9.4
CVSS 39.8
CVSS 210
EPSS0.15256
CWE-522In Wild
cve-2017-17106zivifpr115-204-p-rsv2.3.4.2103webcamremote attackerauthenticationvulnerability
256