CVE-2018-17558
26.10.2023, 22:15
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| abus | tvip_10000_firmware | - |
| abus | tvip_10001_firmware | - |
| abus | tvip_10005_firmware | - |
| abus | tvip_10005a_firmware | - |
| abus | tvip_10005b_firmware | - |
| abus | tvip_10050_firmware | - |
| abus | tvip_10051_firmware | - |
| abus | tvip_10055a_firmware | - |
| abus | tvip_10055b_firmware | - |
| abus | tvip_10500_firmware | - |
| abus | tvip_10550_firmware | - |
| abus | tvip_11000_firmware | - |
| abus | tvip_11050_firmware | - |
| abus | tvip_11500_firmware | - |
| abus | tvip_11501_firmware | - |
| abus | tvip_11502_firmware | - |
| abus | tvip_11550_firmware | - |
| abus | tvip_11551_firmware | - |
| abus | tvip_11552_firmware | - |
| abus | tvip_20000_firmware | - |
| abus | tvip_20050_firmware | - |
| abus | tvip_20500_firmware | - |
| abus | tvip_20550_firmware | - |
| abus | tvip_21000_firmware | - |
| abus | tvip_21050_firmware | - |
| abus | tvip_21500_firmware | - |
| abus | tvip_21501_firmware | - |
| abus | tvip_21502_firmware | - |
| abus | tvip_21550_firmware | - |
| abus | tvip_21551_firmware | - |
| abus | tvip_21552_firmware | - |
| abus | tvip_22500_firmware | - |
| abus | tvip_31000_firmware | - |
| abus | tvip_31001_firmware | - |
| abus | tvip_31050_firmware | - |
| abus | tvip_31500_firmware | - |
| abus | tvip_31501_firmware | - |
| abus | tvip_31550_firmware | - |
| abus | tvip_31551_firmware | - |
| abus | tvip_32500_firmware | - |
| abus | tvip_51500_firmware | - |
| abus | tvip_51550_firmware | - |
| abus | tvip_71500_firmware | - |
| abus | tvip_71501_firmware | - |
| abus | tvip_71550_firmware | - |
| abus | tvip_71551_firmware | - |
| abus | tvip_72500_firmware | - |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| abus | tvip_72500_firmware | 𝑥 < * | ADP |
Common Weakness Enumeration
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.