Lucene search

MitreCVE-2017-9829

HistoryJun 23, 2017 - 10:29 p.m.

CVE-2017-9829

2017-06-2322:29:00

CWE-22

mitre

web.nvd.nist.gov

cve-2017-9829

vivotek

network cameras

web service

vulnerability

remote attackers

linux filesystem

http request

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.276

Percentile

96.9%

JSON

‘/cgi-bin/admin/downloadMedias.cgi’ of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera’s Linux filesystem via a crafted HTTP request containing “…” sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.

Affected configurations

Nvd

Node

vivoteknetwork_camera_ib8369_firmwareMatchib8369-vvtk-0102a

AND

vivoteknetwork_camera_ib8369Match-

Node

vivoteknetwork_camera_fd8164_firmwareMatchfd8164-_vvtk-0200b

AND

vivoteknetwork_camera_fd8164Match-

Node

vivoteknetwork_camera_fd816ba_firmwareMatchfd816ba-vvtk-010101.

AND

vivoteknetwork_camera_fd816baMatch-

VendorProductVersionCPE
vivoteknetwork_camera_ib8369_firmwareib8369-vvtk-0102acpe:2.3:o:vivotek:network_camera_ib8369_firmware:ib8369-vvtk-0102a:*:*:*:*:*:*:*
vivoteknetwork_camera_ib8369-cpe:2.3:h:vivotek:network_camera_ib8369:-:*:*:*:*:*:*:*
vivoteknetwork_camera_fd8164_firmwarefd8164-_vvtk-0200bcpe:2.3:o:vivotek:network_camera_fd8164_firmware:fd8164-_vvtk-0200b:*:*:*:*:*:*:*
vivoteknetwork_camera_fd8164-cpe:2.3:h:vivotek:network_camera_fd8164:-:*:*:*:*:*:*:*
vivoteknetwork_camera_fd816ba_firmwarefd816ba-vvtk-010101.cpe:2.3:o:vivotek:network_camera_fd816ba_firmware:fd816ba-vvtk-010101.:*:*:*:*:*:*:*
vivoteknetwork_camera_fd816ba-cpe:2.3:h:vivotek:network_camera_fd816ba:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vivotek	network_camera_ib8369_firmware	ib8369-vvtk-0102a	cpe:2.3:o:vivotek:network_camera_ib8369_firmware:ib8369-vvtk-0102a:::::::*
vivotek	network_camera_ib8369	-	cpe:2.3:h:vivotek:network_camera_ib8369:-:::::::*
vivotek	network_camera_fd8164_firmware	fd8164-_vvtk-0200b	cpe:2.3:o:vivotek:network_camera_fd8164_firmware:fd8164-_vvtk-0200b:::::::*
vivotek	network_camera_fd8164	-	cpe:2.3:h:vivotek:network_camera_fd8164:-:::::::*
vivotek	network_camera_fd816ba_firmware	fd816ba-vvtk-010101.	cpe:2.3:o:vivotek:network_camera_fd816ba_firmware:fd816ba-vvtk-010101.:::::::*
vivotek	network_camera_fd816ba	-	cpe:2.3:h:vivotek:network_camera_fd816ba:-:::::::*

References

blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.276

Percentile

96.9%

JSON

Related for CVE-2017-9829