Lucene search

MitreCVE-2018-17558

HistoryOct 26, 2023 - 10:15 p.m.

CVE-2018-17558

2023-10-2622:15:08

CWE-78

CWE-798

mitre

web.nvd.nist.gov

cve-2018-17558

hardcoded credentials

os command injection

abus tvip

cameras

remote code execution

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

66.2%

JSON

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.

Affected configurations

Nvd

Node

abustvip_10000_firmwareMatch-

AND

abustvip_10000Match-

Node

abustvip_10001_firmwareMatch-

AND

abustvip_10001Match-

Node

abustvip_10005_firmwareMatch-

AND

abustvip_10005Match-

Node

abustvip_10005a_firmwareMatch-

AND

abustvip_10005aMatch-

Node

abustvip_10005b_firmwareMatch-

AND

abustvip_10005bMatch-

Node

abustvip_10050_firmwareMatch-

AND

abustvip_10050Match-

Node

abustvip_10051_firmwareMatch-

AND

abustvip_10051Match-

Node

abustvip_10055a_firmwareMatch-

AND

abustvip_10055aMatch-

Node

abustvip_10055b_firmwareMatch-

AND

abustvip_10055bMatch-

Node

abustvip_10500_firmwareMatch-

AND

abustvip_10500Match-

Node

abustvip_10550_firmwareMatch-

AND

abustvip_10550Match-

Node

abustvip_11000_firmwareMatch-

AND

abustvip_11000Match-

Node

abustvip_11050_firmwareMatch-

AND

abustvip_11050Match-

Node

abustvip_11500_firmwareMatch-

AND

abustvip_11500Match-

Node

abustvip_11501_firmwareMatch-

AND

abustvip_11501Match-

Node

abustvip_11502_firmwareMatch-

AND

abustvip_11502Match-

Node

abustvip_11550_firmwareMatch-

AND

abustvip_11550Match-

Node

abustvip_11551_firmwareMatch-

AND

abustvip_11551Match-

Node

abustvip_11552_firmwareMatch-

AND

abustvip_11552Match-

Node

abustvip_20000_firmwareMatch-

AND

abustvip_20000Match-

Node

abustvip_20050_firmwareMatch-

AND

abustvip_20050Match-

Node

abustvip_20500_firmwareMatch-

AND

abustvip_20500Match-

Node

abustvip_20550_firmwareMatch-

AND

abustvip_20550Match-

Node

abustvip_21000_firmwareMatch-

AND

abustvip_21000Match-

Node

abustvip_21050_firmwareMatch-

AND

abustvip_21050Match-

Node

abustvip_21500_firmwareMatch-

AND

abustvip_21500Match-

Node

abustvip_21501_firmwareMatch-

AND

abustvip_21501Match-

Node

abustvip_21502_firmwareMatch-

AND

abustvip_21502Match-

Node

abustvip_21550_firmwareMatch-

AND

abustvip_21550Match-

Node

abustvip_21551_firmwareMatch-

AND

abustvip_21551Match-

Node

abustvip_21552_firmwareMatch-

AND

abustvip_21552Match-

Node

abustvip_22500_firmwareMatch-

AND

abustvip_22500Match-

Node

abustvip_31000_firmwareMatch-

AND

abustvip_31000Match-

Node

abustvip_31001_firmwareMatch-

AND

abustvip_31001Match-

Node

abustvip_31050_firmwareMatch-

AND

abustvip_31050Match-

Node

abustvip_31500_firmwareMatch-

AND

abustvip_31500Match-

Node

abustvip_31501_firmwareMatch-

AND

abustvip_31501Match-

Node

abustvip_31550_firmwareMatch-

AND

abustvip_31550Match-

Node

abustvip_31551_firmwareMatch-

AND

abustvip_31551Match-

Node

abustvip_32500_firmwareMatch-

AND

abustvip_32500Match-

Node

abustvip_51500_firmwareMatch-

AND

abustvip_51500Match-

Node

abustvip_51550_firmwareMatch-

AND

abustvip_51550Match-

Node

abustvip_71500_firmwareMatch-

AND

abustvip_71500Match-

Node

abustvip_71501_firmwareMatch-

AND

abustvip_71501Match-

Node

abustvip_71550_firmwareMatch-

AND

abustvip_71550Match-

Node

abustvip_71551_firmwareMatch-

AND

abustvip_71551Match-

Node

abustvip_72500_firmwareMatch-

AND

abustvip_72500Match-

VendorProductVersionCPE
abustvip_10000_firmware-cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:*
abustvip_10000-cpe:2.3:h:abus:tvip_10000:-:*:*:*:*:*:*:*
abustvip_10001_firmware-cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:*
abustvip_10001-cpe:2.3:h:abus:tvip_10001:-:*:*:*:*:*:*:*
abustvip_10005_firmware-cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:*
abustvip_10005-cpe:2.3:h:abus:tvip_10005:-:*:*:*:*:*:*:*
abustvip_10005a_firmware-cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:*
abustvip_10005a-cpe:2.3:h:abus:tvip_10005a:-:*:*:*:*:*:*:*
abustvip_10005b_firmware-cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:*
abustvip_10005b-cpe:2.3:h:abus:tvip_10005b:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
abus	tvip_10000_firmware	-	cpe:2.3:o:abus:tvip_10000_firmware:-:::::::*
abus	tvip_10000	-	cpe:2.3:h:abus:tvip_10000:-:::::::*
abus	tvip_10001_firmware	-	cpe:2.3:o:abus:tvip_10001_firmware:-:::::::*
abus	tvip_10001	-	cpe:2.3:h:abus:tvip_10001:-:::::::*
abus	tvip_10005_firmware	-	cpe:2.3:o:abus:tvip_10005_firmware:-:::::::*
abus	tvip_10005	-	cpe:2.3:h:abus:tvip_10005:-:::::::*
abus	tvip_10005a_firmware	-	cpe:2.3:o:abus:tvip_10005a_firmware:-:::::::*
abus	tvip_10005a	-	cpe:2.3:h:abus:tvip_10005a:-:::::::*
abus	tvip_10005b_firmware	-	cpe:2.3:o:abus:tvip_10005b_firmware:-:::::::*
abus	tvip_10005b	-	cpe:2.3:h:abus:tvip_10005b:-:::::::*

Rows per page:

1-10 of 941

References

sec.maride.cc/posts/abus/

www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

66.2%

JSON

Related for CVE-2018-17558