Lucene search

IcscertCVELIST:CVE-2024-7029

HistoryAug 02, 2024 - 3:08 p.m.

CVE-2024-7029 Command Injection in AVTech AVM1203 (IP Camera)

2024-08-0215:08:35

CWE-77

icscert

www.cve.org

cve-2024

command injection

avtech avm1203

ip camera

network

authentication

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS4

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

0.338

Percentile

97.1%

JSON

Commands can be injected over the network and executed without authentication.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AVM1203 (IP Camera)",
    "vendor": "AVTech",
    "versions": [
      {
        "lessThanOrEqual": "FullImg-1023-1007-1011-1009",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt

www.cisa.gov/news-events/ics-advisories/icsa-24-214-07

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS4

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

0.338

Percentile

97.1%

JSON

Related for CVELIST:CVE-2024-7029