CVE-2020-7879 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2020-7879?

CVE-2020-7879 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-7879?

Check the references section above for vendor advisories and patch information. Affected products include: Iptime C200 Firmware, Iptime C200.

Vulnerability Description

This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Iptime	C200 Firmware	<= 1.0.16
Iptime	C200	-

Related Weaknesses (CWE)

CWE-78

References

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365Third Party Advisory
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365Third Party Advisory

FAQ

What is CVE-2020-7879?

CVE-2020-7879 is a vulnerability with a CVSS score of 8.8 (HIGH). This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]...

How severe is CVE-2020-7879?

CVE-2020-7879 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7879?

Check the references section above for vendor advisories and patch information. Affected products include: Iptime C200 Firmware, Iptime C200.