Vulnerability Description
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.
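The following detection check is an added example, not part of the original advisory or of any VIVOTEK code: it flags logged requests to the endpoint whose senderemail value contains shell metacharacters. It assumes a proxy or sensor in front of the camera writes combined-log-style request lines; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

CGI_PATH = "/cgi-bin/admin/testserver.cgi"  # endpoint named in the advisory
PARAM = "senderemail"                       # parameter named in the advisory
# Shell metacharacters and whitespace; rare in an ordinary sender address.
SHELL_META = re.compile(r"""[;&|`$<>(){}\\'"\s]""")
# Assumption: the request is logged as "METHOD target HTTP/x.y".
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def suspicious_values(target, body=""):
    """Return decoded senderemail values that contain shell metacharacters.

    target is the request target from the log; body is an optional
    form-encoded request body when a proxy or sensor captured one.
    """
    path, _, query = target.partition("?")
    # Decode and collapse slashes so /cgi-bin//admin/... is still matched.
    path = re.sub(r"/+", "/", unquote(path))
    if path != CGI_PATH:
        return []
    values = []
    for raw in (query, body):
        values += parse_qs(raw, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if SHELL_META.search(v)]


def scan(lines):
    """Return (line_number, flagged_values) for each matching log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        flagged = suspicious_values(match.group(1)) if match else []
        if flagged:
            hits.append((number, flagged))
    return hits


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2017:10:00:01 +0000] "GET /cgi-bin/admin/testserver.cgi?senderemail=ops%40example.com HTTP/1.1" 200 87',
    '192.0.2.77 - - [01/Jul/2017:10:02:44 +0000] "GET /cgi-bin/admin/testserver.cgi?senderemail=ops%40example.com%3Bx HTTP/1.1" 200 87',
    '192.0.2.77 - - [01/Jul/2017:10:03:02 +0000] "GET /cgi-bin//admin/testserver.cgi?senderemail=%24%28x%29 HTTP/1.1" 200 87',
    '192.0.2.10 - - [01/Jul/2017:10:04:10 +0000] "GET /index.html?senderemail=a%3Bb HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, flagged in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious {PARAM} value(s): {flagged}")
```

Access logs normally record only the query string, so a value sent in a request body is seen only where the body is captured and passed in as `body`.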
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vivotek | Network Camera Ib8369 Firmware | ib8369-vvtk-0102a |
| Vivotek | Network Camera Ib8369 | - |
| Vivotek | Network Camera Fd8164 Firmware | fd8164-_vvtk-0200b |
| Vivotek | Network Camera Fd8164 | - |
| Vivotek | Network Camera Fd816Ba Firmware | fd816ba-vvtk-010101. |
| Vivotek | Network Camera Fd816Ba | - |
References
- https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek (Third Party Advisory)
FAQ
What is CVE-2017-9828?
CVE-2017-9828 is a vulnerability with a CVSS score of 9.8 (CRITICAL). '/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root v...
How severe is CVE-2017-9828?
CVE-2017-9828 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-9828?
Check the references section above for vendor advisories and patch information. Affected products include: Vivotek Network Camera Ib8369 Firmware, Vivotek Network Camera Ib8369, Vivotek Network Camera Fd8164 Firmware, Vivotek Network Camera Fd8164, Vivotek Network Camera Fd816Ba Firmware.