Lucene search

MitreCVE-2018-17879

HistoryOct 26, 2023 - 10:15 p.m.

CVE-2018-17879

2023-10-2622:15:08

CWE-78

mitre

web.nvd.nist.gov

abus tvip

cameras

cgi

remote code execution

root

injection points

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

65.9%

JSON

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.

Affected configurations

Nvd

Node

abustvip_10000_firmwareMatch-

AND

abustvip_10000Match-

Node

abustvip_10001_firmwareMatch-

AND

abustvip_10001Match-

Node

abustvip_10005Match-

AND

abustvip_10005_firmwareMatch-

Node

abustvip_10005aMatch-

AND

abustvip_10005a_firmwareMatch-

Node

abustvip_10005bMatch-

AND

abustvip_10005b_firmwareMatch-

Node

abustvip_10050Match-

AND

abustvip_10050_firmwareMatch-

Node

abustvip_10051Match-

AND

abustvip_10051_firmwareMatch-

Node

abustvip_10055aMatch-

AND

abustvip_10055a_firmwareMatch-

Node

abustvip_10055bMatch-

AND

abustvip_10055b_firmwareMatch-

Node

abustvip_10500Match-

AND

abustvip_10500_firmwareMatch-

Node

abustvip_10550Match-

AND

abustvip_10550_firmwareMatch-

Node

abustvip_11000Match-

AND

abustvip_11000_firmwareMatch-

Node

abustvip_11050Match-

AND

abustvip_11050_firmwareMatch-

Node

abustvip_11500_firmwareMatch-

AND

abustvip_11500Match-

Node

abustvip_11501_firmwareMatch-

AND

abustvip_11501Match-

Node

abustvip_11502_firmwareMatch-

AND

abustvip_11502Match-

Node

abustvip_11550_firmwareMatch-

AND

abustvip_11550Match-

Node

abustvip_11551_firmwareMatch-

AND

abustvip_11551Match-

Node

abustvip_11552_firmwareMatch-

AND

abustvip_11552Match-

Node

abustvip_20000_firmwareMatch-

AND

abustvip_20000Match-

Node

abustvip_20050_firmwareMatch-

AND

abustvip_20050Match-

Node

abustvip_20500_firmwareMatch-

AND

abustvip_20500Match-

Node

abustvip_20550_firmwareMatch-

AND

abustvip_20550Match-

Node

abustvip_21000_firmwareMatch-

AND

abustvip_21000Match-

Node

abustvip_21050_firmwareMatch-

AND

abustvip_21050Match-

Node

abustvip_21500_firmwareMatch-

AND

abustvip_21500Match-

Node

abustvip_21501_firmwareMatch-

AND

abustvip_21501Match-

Node

abustvip_21502_firmwareMatch-

AND

abustvip_21502Match-

Node

abustvip_21550_firmwareMatch-

AND

abustvip_21550Match-

Node

abustvip_21551_firmwareMatch-

AND

abustvip_21551Match-

Node

abustvip_21552_firmwareMatch-

AND

abustvip_21552Match-

Node

abustvip_22500_firmwareMatch-

AND

abustvip_22500Match-

Node

abustvip_31000_firmwareMatch-

AND

abustvip_31000Match-

Node

abustvip_31001_firmwareMatch-

AND

abustvip_31001Match-

Node

abustvip_31050_firmwareMatch-

AND

abustvip_31050Match-

Node

abustvip_31500_firmwareMatch-

AND

abustvip_31500Match-

Node

abustvip_31501_firmwareMatch-

AND

abustvip_31501Match-

Node

abustvip_31550_firmwareMatch-

AND

abustvip_31550Match-

Node

abustvip_31551_firmwareMatch-

AND

abustvip_31551Match-

Node

abustvip_32500_firmwareMatch-

AND

abustvip_32500Match-

Node

abustvip_51500_firmwareMatch-

AND

abustvip_51500Match-

Node

abustvip_51550_firmwareMatch-

AND

abustvip_51550Match-

Node

abustvip_71500_firmwareMatch-

AND

abustvip_71500Match-

Node

abustvip_71501_firmwareMatch-

AND

abustvip_71501Match-

Node

abustvip_71550_firmwareMatch-

AND

abustvip_71550Match-

Node

abustvip_71551_firmwareMatch-

AND

abustvip_71551Match-

Node

abustvip_72500_firmwareMatch-

AND

abustvip_72500Match-

VendorProductVersionCPE
abustvip_10000_firmware-cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:*
abustvip_10000-cpe:2.3:h:abus:tvip_10000:-:*:*:*:*:*:*:*
abustvip_10001_firmware-cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:*
abustvip_10001-cpe:2.3:h:abus:tvip_10001:-:*:*:*:*:*:*:*
abustvip_10005-cpe:2.3:h:abus:tvip_10005:-:*:*:*:*:*:*:*
abustvip_10005_firmware-cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:*
abustvip_10005a-cpe:2.3:h:abus:tvip_10005a:-:*:*:*:*:*:*:*
abustvip_10005a_firmware-cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:*
abustvip_10005b-cpe:2.3:h:abus:tvip_10005b:-:*:*:*:*:*:*:*
abustvip_10005b_firmware-cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
abus	tvip_10000_firmware	-	cpe:2.3:o:abus:tvip_10000_firmware:-:::::::*
abus	tvip_10000	-	cpe:2.3:h:abus:tvip_10000:-:::::::*
abus	tvip_10001_firmware	-	cpe:2.3:o:abus:tvip_10001_firmware:-:::::::*
abus	tvip_10001	-	cpe:2.3:h:abus:tvip_10001:-:::::::*
abus	tvip_10005	-	cpe:2.3:h:abus:tvip_10005:-:::::::*
abus	tvip_10005_firmware	-	cpe:2.3:o:abus:tvip_10005_firmware:-:::::::*
abus	tvip_10005a	-	cpe:2.3:h:abus:tvip_10005a:-:::::::*
abus	tvip_10005a_firmware	-	cpe:2.3:o:abus:tvip_10005a_firmware:-:::::::*
abus	tvip_10005b	-	cpe:2.3:h:abus:tvip_10005b:-:::::::*
abus	tvip_10005b_firmware	-	cpe:2.3:o:abus:tvip_10005b_firmware:-:::::::*

Rows per page:

1-10 of 941

References

sec.maride.cc/posts/abus/#cve-2018-17879

www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

65.9%

JSON

Related for CVE-2018-17879