Lucene search

KrcertCVELIST:CVE-2020-7879

HistoryNov 30, 2021 - 6:37 p.m.

CVE-2020-7879 ipTIME C200 IP Camera command injection vulnerability

2021-11-3018:37:29

CWE-78

krcert

www.cve.org

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.4%

JSON

This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie(‘[COOKIE]’) . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command.

CNA Affected

[
  {
    "platforms": [
      "N/A"
    ],
    "product": "ipTIME C200 IP Camera",
    "vendor": "EFM networks & multimedia",
    "versions": [
      {
        "lessThanOrEqual": "1.0.16",
        "status": "affected",
        "version": "1.0.16",
        "versionType": "custom"
      }
    ]
  }
]

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.4%

JSON

Related for CVELIST:CVE-2020-7879