27 matches found
EUVD-2017-17803
Malware in sbrugna...
EUVD-2017-17806
Malware in sbrugna...
EUVD-2017-17802
Malware in sbrugna...
EUVD-2017-17804
Malware in sbrugna...
The vulnerability of the microprogrammed software of the Cohu 3960HD IP camera allows a intruder to execute arbitrary code.
The vulnerability of the Microprogrammed IP Camera Cohu 3960HD is related to the implementation of security functions at the client side. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure by manipulating camera parameters remotely...
The vulnerability of the webupgrade function in the microprogrammed IP camera software of Cohu 3960HD allows a intruder to execute code with root privileges.
The vulnerability of the webupgrade function in the microprogrammed IP camera system Cohu 3960HD relates to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges by loading a specially crafted archive...
Cohu 3960HD Multiple Vulnerabilities
Cohu 3960HD Series IP cameras are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
CVE-2017-8862
The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges...
Design/Logic Flaw
The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges...
CVE-2017-8864
Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if !passwordsAreEqual" test...
CVE-2017-8861
Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets...
Authentication flaw
Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets...
Code injection
Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if !passwordsAreEqual" test...
Information disclosure
Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request...
CVE-2017-8861
Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets...
CVE-2017-8862
The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges...
CVE-2017-8860
CVE-2017-8860 affects the Cohu 3960HD IP camera series. The issue is information disclosure caused by an information-leaking directory listing vulnerability that can be triggered by a crafted HTTP request containing an extra slash (for example, a GET // HTTP/1.1). Successful exploitation allows a...
CVE-2017-8864
CVE-2017-8864 affects the Cohu 3960HD IP camera series. The vulnerability arises from client-side enforcement (JavaScript) of server-side security options, allowing an attacker to manipulate options sent to the camera and potentially cause malfunction or code execution, as demonstrated by a clien...
CVE-2017-8862
CVE-2017-8862 concerns the Cohu 3960HD IP camera family. The webupgrade function does not verify firmware upgrade files or processes, enabling an attacker to upload a crafted postinstall.sh that is executed with root privileges. Documented sources (NVD/NVD listing) describe a high-severity impact...
CVE-2017-8864
Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if !passwordsAreEqual" test...