2 matches found
Axis Communications M1033-W IP Camera Remote Code Execution (CVE-2018-9157)
An issue was discovered on AXIS M1033-W IP camera Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server modinclude...
CVE-2018-9157
AXIS M1033-W IP camera, firmware 5.40.5.1 , is affected by CVE-2018-9157. The issue allows uploading a crafted .shtml webshell via the fileUpload.shtml endpoint, which is interpreted by Apache HTTP Server’s mod_include and can execute system commands. After successful upload, an attacker can perf...