Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    6 vulnerabilities by EFM networks & multimedia

    CVE-2020-7879 (GCVE-0-2020-7879)

    Vulnerability from cvelistv5 – Published: 2021-11-30 18:37 – Updated: 2024-08-04 09:41
    VLAI
    Title
    ipTIME C200 IP Camera command injection vulnerability
    Summary
    This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command.
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    EFM networks & multimedia ipTIME C200 IP Camera Affected: 1.0.16 , ≤ 1.0.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:41:01.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "N/A"
              ],
              "product": "ipTIME C200 IP Camera",
              "vendor": "EFM networks \u0026 multimedia",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.16",
                  "status": "affected",
                  "version": "1.0.16",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie(\u0027[COOKIE]\u0027) . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-30T18:37:29.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ipTIME C200 IP Camera command injection vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "ID": "CVE-2020-7879",
              "STATE": "PUBLIC",
              "TITLE": "ipTIME C200 IP Camera command injection vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ipTIME C200 IP Camera",
                          "version": {
                            "version_data": [
                              {
                                "platform": "N/A",
                                "version_affected": "\u003c=",
                                "version_name": "1.0.16",
                                "version_value": "1.0.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "EFM networks \u0026 multimedia"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie(\u0027[COOKIE]\u0027) . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78 OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365",
                  "refsource": "MISC",
                  "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2020-7879",
        "datePublished": "2021-11-30T18:37:29.000Z",
        "dateReserved": "2020-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:41:01.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26614 (GCVE-0-2021-26614)

    Vulnerability from cvelistv5 – Published: 2021-11-22 14:38 – Updated: 2024-08-03 20:26
    VLAI
    Title
    IpTime C200 IP camera remote code execution vulnerability
    Summary
    ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command.
    CWE
    • CWE-749 - Exposed Dangerous Method or Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    EFM networks & multimedia ipTIME C200 IP Camera Affected: 1.058 , ≤ 1.058 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36346"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Ubuntu 20.04"
              ],
              "product": "ipTIME C200 IP Camera",
              "vendor": "EFM networks \u0026 multimedia",
              "versions": [
                {
                  "lessThanOrEqual": "1.058",
                  "status": "affected",
                  "version": "1.058",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749 Exposed Dangerous Method or Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-22T14:38:24.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36346"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IpTime C200 IP camera remote code execution vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "ID": "CVE-2021-26614",
              "STATE": "PUBLIC",
              "TITLE": "IpTime C200 IP camera remote code execution vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ipTIME C200 IP Camera",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Ubuntu 20.04",
                                "version_affected": "\u003c=",
                                "version_name": "1.058",
                                "version_value": "1.058"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "EFM networks \u0026 multimedia"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-749 Exposed Dangerous Method or Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36346",
                  "refsource": "MISC",
                  "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36346"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2021-26614",
        "datePublished": "2021-11-22T14:38:24.000Z",
        "dateReserved": "2021-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:26:25.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7848 (GCVE-0-2020-7848)

    Vulnerability from cvelistv5 – Published: 2021-02-17 13:29 – Updated: 2024-08-04 09:41
    VLAI
    Summary
    The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    EFM networks & multimedia ipTIME C200 IP Camera Affected: 1.0.12 , ≤ 1.0.12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:41:01.870Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "ipTIME C200 IP Camera",
              "vendor": "EFM networks \u0026 multimedia",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.12",
                  "status": "affected",
                  "version": "1.0.12",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-17T13:29:52.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "ID": "CVE-2020-7848",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ipTIME C200 IP Camera",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_name": "1.0.12",
                                "version_value": "1.0.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "EFM networks \u0026 multimedia"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905",
                  "refsource": "MISC",
                  "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2020-7848",
        "datePublished": "2021-02-17T13:29:52.000Z",
        "dateReserved": "2020-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:41:01.870Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7879 (GCVE-0-2020-7879)

    Vulnerability from nvd – Published: 2021-11-30 18:37 – Updated: 2024-08-04 09:41
    VLAI
    Title
    ipTIME C200 IP Camera command injection vulnerability
    Summary
    This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command.
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    EFM networks & multimedia ipTIME C200 IP Camera Affected: 1.0.16 , ≤ 1.0.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:41:01.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "N/A"
              ],
              "product": "ipTIME C200 IP Camera",
              "vendor": "EFM networks \u0026 multimedia",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.16",
                  "status": "affected",
                  "version": "1.0.16",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie(\u0027[COOKIE]\u0027) . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-30T18:37:29.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ipTIME C200 IP Camera command injection vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "ID": "CVE-2020-7879",
              "STATE": "PUBLIC",
              "TITLE": "ipTIME C200 IP Camera command injection vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ipTIME C200 IP Camera",
                          "version": {
                            "version_data": [
                              {
                                "platform": "N/A",
                                "version_affected": "\u003c=",
                                "version_name": "1.0.16",
                                "version_value": "1.0.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "EFM networks \u0026 multimedia"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie(\u0027[COOKIE]\u0027) . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78 OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365",
                  "refsource": "MISC",
                  "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2020-7879",
        "datePublished": "2021-11-30T18:37:29.000Z",
        "dateReserved": "2020-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:41:01.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26614 (GCVE-0-2021-26614)

    Vulnerability from nvd – Published: 2021-11-22 14:38 – Updated: 2024-08-03 20:26
    VLAI
    Title
    IpTime C200 IP camera remote code execution vulnerability
    Summary
    ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command.
    CWE
    • CWE-749 - Exposed Dangerous Method or Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    EFM networks & multimedia ipTIME C200 IP Camera Affected: 1.058 , ≤ 1.058 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36346"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Ubuntu 20.04"
              ],
              "product": "ipTIME C200 IP Camera",
              "vendor": "EFM networks \u0026 multimedia",
              "versions": [
                {
                  "lessThanOrEqual": "1.058",
                  "status": "affected",
                  "version": "1.058",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749 Exposed Dangerous Method or Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-22T14:38:24.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36346"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IpTime C200 IP camera remote code execution vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "ID": "CVE-2021-26614",
              "STATE": "PUBLIC",
              "TITLE": "IpTime C200 IP camera remote code execution vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ipTIME C200 IP Camera",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Ubuntu 20.04",
                                "version_affected": "\u003c=",
                                "version_name": "1.058",
                                "version_value": "1.058"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "EFM networks \u0026 multimedia"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-749 Exposed Dangerous Method or Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36346",
                  "refsource": "MISC",
                  "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36346"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2021-26614",
        "datePublished": "2021-11-22T14:38:24.000Z",
        "dateReserved": "2021-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:26:25.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7848 (GCVE-0-2020-7848)

    Vulnerability from nvd – Published: 2021-02-17 13:29 – Updated: 2024-08-04 09:41
    VLAI
    Summary
    The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    EFM networks & multimedia ipTIME C200 IP Camera Affected: 1.0.12 , ≤ 1.0.12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:41:01.870Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "ipTIME C200 IP Camera",
              "vendor": "EFM networks \u0026 multimedia",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.12",
                  "status": "affected",
                  "version": "1.0.12",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-17T13:29:52.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "ID": "CVE-2020-7848",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ipTIME C200 IP Camera",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_name": "1.0.12",
                                "version_value": "1.0.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "EFM networks \u0026 multimedia"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905",
                  "refsource": "MISC",
                  "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2020-7848",
        "datePublished": "2021-02-17T13:29:52.000Z",
        "dateReserved": "2020-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:41:01.870Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }