Design/Logic Flaw

cgitest.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" ampersand in the writemac writepid, writemsn, writetan, or writehdv parameter...

CVE-2015-2279

cgitest.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" ampersand in the writemac writepid, writemsn, writetan, or writehdv parameter...

CVE-2015-2279

CVE-2015-2279 is an OS command injection in AirLive cgi_test.cgi on MD-3025, BU-3026 and BU-2015 cameras (firmware listed in advisories). The vulnerability arises when handling certain parameters (write_mac, write_pid, write_msn, write_tan, write_hdv); after an ampersand, the attacker can influen...

AirLive IP Monitor Command Injection Vulnerability

Airlive is an IP surveillance network solution provider and security product vendor. An OS command injection vulnerability exists in the cgitest.cgi binary file when the AirLive MD-3025, BU-3026, BU-2015 cameras process certain parameters. An attacker can exploit this vulnerability to inject...

AirLive Multiple Products OS Command Injection (Jul 2015) - Active Check

There is an OS Command Injection in the cgitest.cgi binary file in the AirLive MD-3025, BU-3026 and BU-2015 cameras when handling certain parameters. That specific CGI file can be requested without authentication, unless the user specified in the configuration of the camera that every communicati...