Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2016-20016
HistoryOct 19, 2022 - 12:00 a.m.

CVE-2016-20016

2022-10-1900:00:00
mitre
www.cve.org
cve-2016-20016
mvpower
cctv dvr
web shell
vulnerability
remote execution
arbitrary commands
root access
jaws webserver rce
firmware
exploitation

9.8 High

AI Score

Confidence

High

0.121 Low

EPSS

Percentile

95.4%

JSON

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the “JAWS webserver RCE” because of the easily identifying HTTP response server field. Other firmware versions, at least from 2014 through 2019, can be affected. This was exploited in the wild in 2017 through 2022.

Related

nvd 1
prion 1
cve 1
thn 1
attackerkb 1
nvd
nvd
CVE-2016-20016
2022-10-19 05:15:08
prion
prion
Design/Logic Flaw
2022-10-19 05:15:00
cve
cve
CVE-2016-20016
2022-10-19 05:15:08
thn
thn
Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices
2023-05-03 07:30:00
attackerkb
attackerkb
CVE-2016-20016
2022-10-19 00:00:00

9.8 High

AI Score

Confidence

High

0.121 Low

EPSS

Percentile

95.4%

JSON
Related for CVELIST:CVE-2016-20016
nvd1prion1cve1thn1attackerkb1