Vulnerability Description
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Axis | Network Camera Firmware | - |
| Axis | Cannon Network Camera | - |
| Axis | Explosion-Protected Camera | - |
| Axis | Fixed Box Camera | - |
| Axis | Fixed Bullet Camera | - |
| Axis | Fixed Dome Camera | - |
| Axis | Modular Camera | - |
| Axis | Onboard Camera | - |
| Axis | Panoramic Camera | - |
| Axis | Ptz Camera | - |
| Axis | Thermal Camera | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/138083/AXIS-Authenticated-Remote-Command-ExExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/92159Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/40171/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/138083/AXIS-Authenticated-Remote-Command-ExExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/92159Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/40171/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2015-8257?
CVE-2015-8257 is a vulnerability with a CVSS score of 8.8 (HIGH). The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_c...
How severe is CVE-2015-8257?
CVE-2015-8257 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8257?
Check the references section above for vendor advisories and patch information. Affected products include: Axis Network Camera Firmware, Axis Cannon Network Camera, Axis Explosion-Protected Camera, Axis Fixed Box Camera, Axis Fixed Bullet Camera.