Vulnerability Description
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sony | Snc-Eb600 Firmware | 1.87.00 |
| Sony | Snc-Eb600 | - |
| Sony | Snc-Eb630 Firmware | 1.87.00 |
| Sony | Snc-Eb630 | - |
| Sony | Snc-Eb600B Firmware | 1.87.00 |
| Sony | Snc-Eb600B | - |
| Sony | Snc-Eb630B Firmware | 1.87.00 |
| Sony | Snc-Eb630B | - |
| Sony | Snc-Eb602R Firmware | 1.87.00 |
| Sony | Snc-Eb602R | - |
| Sony | Snc-Eb632R Firmware | 1.87.00 |
| Sony | Snc-Eb632R | - |
| Sony | Snc-Em600 Firmware | 1.87.00 |
| Sony | Snc-Em600 | - |
| Sony | Snc-Em601 Firmware | 1.87.00 |
| Sony | Snc-Em601 | - |
| Sony | Snc-Em630 Firmware | 1.87.00 |
| Sony | Snc-Em630 | - |
| Sony | Snc-Em631 Firmware | 1.87.00 |
| Sony | Snc-Em631 | - |
Related Weaknesses (CWE)
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604ExploitThird Party Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604ExploitThird Party Advisory
FAQ
What is CVE-2018-3937?
CVE-2018-3937 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause a...
How severe is CVE-2018-3937?
CVE-2018-3937 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-3937?
Check the references section above for vendor advisories and patch information. Affected products include: Sony Snc-Eb600 Firmware, Sony Snc-Eb600, Sony Snc-Eb630 Firmware, Sony Snc-Eb630, Sony Snc-Eb600B Firmware.