5 matches found
Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection
Visual Tools DVR VX16 4.2.28.0 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-42071 info: name: Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection author: gy741 severity: critical description: Visual...
VulnCheck KEV: CVE-2021-42071
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header...
FreakOut Botnet Turns DVRs Into Monero Cryptominers
Threat group FreakOut’s Necro botnet has developed a new trick: infecting Visual Tools DVRs with a Monero miner. Juniper Threat Labs researchers have issued a report detailing new activities from FreakOut, also known as Necro Python and Python.IRCBot. In late September, the team noticed that the...
CVE-2021-42071
CVE-2021-42071 affects Visual Tools DVR VX16 4.2.28.0. An unauthenticated attacker can achieve remote code execution by exploiting shell metacharacters in the cgi-bin/slogin/login.py User-Agent header, via an OS command-injection vector. Exploitation has been demonstrated in public disclosures (E...
Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated)
Exploit Title: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection Unauthenticated Date: 2021-07-05 Exploit Author: Andrea D'Ubaldo Vendor Homepage: https://visual-tools.com/ Version: Visual Tools VX16 v4.2.28.0 Tested on: VX16 Embedded Linux 2.6.35.4. CVE: CVE-2021-42071 Reference:...