CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
66.2%
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.
Vendor | Product | Version | CPE |
---|---|---|---|
abus | tvip_10000_firmware | - | cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:* |
abus | tvip_10000 | - | cpe:2.3:h:abus:tvip_10000:-:*:*:*:*:*:*:* |
abus | tvip_10001_firmware | - | cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:* |
abus | tvip_10001 | - | cpe:2.3:h:abus:tvip_10001:-:*:*:*:*:*:*:* |
abus | tvip_10005_firmware | - | cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:* |
abus | tvip_10005 | - | cpe:2.3:h:abus:tvip_10005:-:*:*:*:*:*:*:* |
abus | tvip_10005a_firmware | - | cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:* |
abus | tvip_10005a | - | cpe:2.3:h:abus:tvip_10005a:-:*:*:*:*:*:*:* |
abus | tvip_10005b_firmware | - | cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:* |
abus | tvip_10005b | - | cpe:2.3:h:abus:tvip_10005b:-:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
66.2%