Unrated severityNVD Advisory· Published Nov 30, 2021· Updated Aug 4, 2024
ipTIME C200 IP Camera command injection vulnerability
CVE-2020-7879
Description
This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command.
Affected products
2- EFM networks & multimedia/ipTIME C200 IP Camerav5Range: 1.0.16
Patches
Vulnerability mechanics
References
1- www.boho.or.kr/krcert/secNoticeView.domitrex_refsource_MISC
News mentions
0No linked articles in our index yet.