CMVISION CM-NVST-MP08 Command Injection Vulnerability
The ddnsserver.cgi script on the device's webserver that runs as root is vulnerable to remote command execution by an authenticated user, with the default password being "admin:admin". The address GET parameter is fed to the command line by the CGI script without sanitization for semicolons,...