1. Home
  2. CVE Database
  3. CVE-2018-17558
CRITICAL · 9.8

CVE-2018-17558

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM....

Vulnerability Description

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
AbusTvip 10000 Firmware-
AbusTvip 10000-
AbusTvip 10001 Firmware-
AbusTvip 10001-
AbusTvip 10005 Firmware-
AbusTvip 10005-
AbusTvip 10005A Firmware-
AbusTvip 10005A-
AbusTvip 10005B Firmware-
AbusTvip 10005B-
AbusTvip 10050 Firmware-
AbusTvip 10050-
AbusTvip 10051 Firmware-
AbusTvip 10051-
AbusTvip 10055A Firmware-
AbusTvip 10055A-
AbusTvip 10055B Firmware-
AbusTvip 10055B-
AbusTvip 10500 Firmware-
AbusTvip 10500-

Related Weaknesses (CWE)

CWE-78CWE-798

References

FAQ

What is CVE-2018-17558?

CVE-2018-17558 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM....

How severe is CVE-2018-17558?

CVE-2018-17558 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-17558?

Check the references section above for vendor advisories and patch information. Affected products include: Abus Tvip 10000 Firmware, Abus Tvip 10000, Abus Tvip 10001 Firmware, Abus Tvip 10001, Abus Tvip 10005 Firmware.