An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.

Advisories

CVE-2018-17878

October 26, 2023

Read Time:7 Second

Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.

Advisories

CVE-2018-17559

October 26, 2023

Read Time:6 Second

Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.

Advisories

CVE-2018-17558

October 26, 2023

Read Time:21 Second

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.

Advisories

CVE-2018-16739

October 26, 2023

Read Time:10 Second

An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.

Cyber Security News

Daily Archives: October 26, 2023

suricata-6.0.15-1.el9

FEDORA-EPEL-2023-f45cb7e6ad

Packages in this update:

Update description:

suricata-6.0.15-1.fc39

FEDORA-2023-a4de0fb2bb

Packages in this update:

Update description:

suricata-6.0.15-1.el8

FEDORA-EPEL-2023-799d16fa93

Packages in this update:

Update description:

suricata-6.0.15-1.fc38

FEDORA-2023-0861a23801

Packages in this update:

Update description:

suricata-6.0.15-1.fc37

FEDORA-2023-4e2fe2ebac

Packages in this update:

Update description:

CVE-2018-17879

CVE-2018-17878

CVE-2018-17559

CVE-2018-17558

CVE-2018-16739

News, Advisories and much more