CVE-2018-17558
26.10.2023, 22:15
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.
| Vendor | Product | Version |
|---|---|---|
| abus | tvip_10000_firmware | - |
| abus | tvip_10001_firmware | - |
| abus | tvip_10005_firmware | - |
| abus | tvip_10005a_firmware | - |
| abus | tvip_10005b_firmware | - |
| abus | tvip_10050_firmware | - |
| abus | tvip_10051_firmware | - |
| abus | tvip_10055a_firmware | - |
| abus | tvip_10055b_firmware | - |
| abus | tvip_10500_firmware | - |
| abus | tvip_10550_firmware | - |
| abus | tvip_11000_firmware | - |
| abus | tvip_11050_firmware | - |
| abus | tvip_11500_firmware | - |
| abus | tvip_11501_firmware | - |
| abus | tvip_11502_firmware | - |
| abus | tvip_11550_firmware | - |
| abus | tvip_11551_firmware | - |
| abus | tvip_11552_firmware | - |
| abus | tvip_20000_firmware | - |
| abus | tvip_20050_firmware | - |
| abus | tvip_20500_firmware | - |
| abus | tvip_20550_firmware | - |
| abus | tvip_21000_firmware | - |
| abus | tvip_21050_firmware | - |
| abus | tvip_21500_firmware | - |
| abus | tvip_21501_firmware | - |
| abus | tvip_21502_firmware | - |
| abus | tvip_21550_firmware | - |
| abus | tvip_21551_firmware | - |
| abus | tvip_21552_firmware | - |
| abus | tvip_22500_firmware | - |
| abus | tvip_31000_firmware | - |
| abus | tvip_31001_firmware | - |
| abus | tvip_31050_firmware | - |
| abus | tvip_31500_firmware | - |
| abus | tvip_31501_firmware | - |
| abus | tvip_31550_firmware | - |
| abus | tvip_31551_firmware | - |
| abus | tvip_32500_firmware | - |
| abus | tvip_51500_firmware | - |
| abus | tvip_51550_firmware | - |
| abus | tvip_71500_firmware | - |
| abus | tvip_71501_firmware | - |
| abus | tvip_71550_firmware | - |
| abus | tvip_71551_firmware | - |
| abus | tvip_72500_firmware | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.