CVE-2018-14495

Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Common Weakness Enumeration
References
https://www.vdalabs.com/2018/07/23/professional-iot-hacking-series-target-selection-firmware-analysis/
https://www.vdalabs.com/2018/08/06/professional-iot-hacking-series-hunting-remote-command-injection/
https://www.vdalabs.com/2018/07/23/professional-iot-hacking-series-target-selection-firmware-analysis/
https://www.vdalabs.com/2018/08/06/professional-iot-hacking-series-hunting-remote-command-injection/