CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

0daydb•added 2020/06/21 9:3 a.m.•297 views

Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution

This Metasploit module exploits a remote command execution vulnerability in Zivif webcams. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zivif Camera iptest.cgi Blind Remote Command Execution...

10CVSS1.1AI score0.84847EPSS

Exploits8

NVD•added 2018/10/19 10:29 p.m.•11 views

CVE-2018-12670

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection...

10CVSS9.7AI score0.11944EPSS

Exploits1References1

CVE•added 2018/10/19 10:0 p.m.•40 views

CVE-2018-12670

SV3C L-SERIES HD CAMERA OS Command Injection (CVE-2018-12670) affects firmware V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B. The vulnerability stems from the program failing to properly detect/validate user input, allowing an attacker to execute arbitrary OS commands on the d...

10CVSS9.5AI score0.11944EPSS

Exploits1References1Affected Software1

CVE•added 2018/10/19 10:0 p.m.•66 views

CVE-2018-12675

The SV3C HD Camera L Series (firmware 2.3.4.2103-S50-NTD-B20170508B and 2.3.4.2103-S50-NTD-B20170823B) contains an open redirect vulnerability due to missing origin checks on URLs the camera’s web interface redirects to. This can allow a user to be redirected to an unexpected endpoint, potentiall...

6.1CVSS6.2AI score0.08842EPSS

Exploits1References1Affected Software1

Cvelist•added 2018/10/19 10:0 p.m.•12 views

CVE-2018-12670

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection...

9.7AI score0.11944EPSS

Exploits1References1

Prion•added 2017/12/19 2:29 a.m.•21 views

Hardcoded credentials

Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session...

10CVSS9.4AI score0.03763EPSS

Exploits4References3Affected Software1

ATTACKERKB•added 2017/12/19 12:0 a.m.•219 views

CVE-2017-17106

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. Recent assessments...

10CVSS1.9AI score0.25054EPSS

In wildExploits5References4

CVE•added 2017/12/18 5:0 p.m.•241 views

CVE-2017-17105

CVE-2017-17105 affects Zivif PR115-204-P-RS webcams (notably V2.3.4.2103 and V4.7.4.2121 and potentially intermediate builds). The vulnerability is an unauthenticated, blind remote command injection via CGI scripts used in the web interface, demonstrated by a request such as cgi-bin/iptest.cgi?cm...

10CVSS9.6AI score0.84847EPSS

In wildExploits8References4Affected Software1

Cvelist•added 2017/12/18 5:0 p.m.•20 views

CVE-2017-17105

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...

9.8AI score0.84847EPSS

Exploits8References4

CVE•added 2017/12/18 5:0 p.m.•248 views

CVE-2017-17106

CVE-2017-17106 affects Zivif PR115-204-P-RS V2.3.4.2103 Webcams. The vulnerability arises from a lack of authentication in CGI page requests (specifically /web/cgi-bin/hi3510/param.cgi?cmd=getuser), enabling an unauthenticated remote attacker to obtain credentials. Impact is credential disclosure...

10CVSS9.4AI score0.25054EPSS

In wildExploits5References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by