CVE-2019-15498

2019-08-2303:05:45

mitre

www.cve.org

9.2 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.5%

JSON

cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.

References

distributedcompute.com/2019/08/22/vera-edge-home-controller-remote-shell-via-unauthenticated-command-injection/