Small ants Camera application management program the presence of a remote command execution vulnerability through the web interface with root privileges to execute arbitrary system commands without any web permissions, now the official latest version already fix this vulnerability.
firmware version<=1.8.3. 4F_201410221315 Note:We do not find all the firmware versions, this version is our device factory version, but also we can find the presence of the vulnerability in the latest version
The exploit: the
Through the web application vulnerability configuration parameters, perform system commands.
See the system command in the current execution privilege, the execution result for the highest system privileges.