9 matches found
CVE-2016-15047
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...
EUVD-2016-10792
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...
CVE-2016-15047
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...
CVE-2016-15047 AVTECH CloudSetup.cgi Authenticated Command Injection
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...
CVE-2016-15047 AVTECH CloudSetup.cgi Authenticated Command Injection
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...
CVE-2016-15047
CVE-2016-15047 (AVTECH CloudSetup.cgi): Authenticated OS command injection via the exefile parameter in CloudSetup.cgi. The parameter is passed to system command execution without proper validation/whitelisting, enabling an authenticated attacker to run arbitrary commands as root and potentially ...
AVTECH DVR settings without requiring the user to log command execution vulnerability
Set the DVR there exists no user-login command execution vulnerability Search. cgi provides cgiquery function is through the wget function to achieve the HTML request, but because of the parameters did not validate and filter, can be configured through the parameters to achieve root access to...
Authentication Command Injection Vulnerability in CloudSetup.cgi for AVTECH Devices
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. An authenticated command injection vulnerability exists in the AVTECH device CloudSetup.cgi. The exefile parameter requested...
PT-2025-41460
Name of the Vulnerable Software and Affected Versions AVTECH devices affected versions not specified Description AVTECH devices that include the CloudSetup.cgi management endpoint are susceptible to authenticated OS command injection. The exefile parameter within the ''CloudSetup.cgi'' endpoint i...