Lucene search

BitdefenderCVELIST:CVE-2020-8101

HistoryFeb 02, 2021 - 11:10 a.m.

CVE-2020-8101 Command execution due to unsanitized input in LifeShield DIY HD Video Doorbell

2021-02-0211:10:14

CWE-77

Bitdefender

www.cve.org

cve-2020-8101

command injection

adt lifeshield

CVSS3

6.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

42.2%

JSON

Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in HTTP interface of ADT LifeShield DIY HD Video Doorbell allows an attacker on the same network to execute commands on the device. This issue affects: ADT LifeShield DIY HD Video Doorbell version 1.0.02R09 and prior versions.

CNA Affected

[
  {
    "product": "LifeShield DIY HD Video Doorbell",
    "vendor": "ADT",
    "versions": [
      {
        "lessThanOrEqual": "1.0.02R09",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

labs.bitdefender.com/2021/01/cracking-the-lifeshield-unauthorized-live-streaming-in-your-home/

CVSS3

6.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

42.2%

JSON

Related for CVELIST:CVE-2020-8101