← Back

CVE-2018-17558

nvd nist
Published: Oct 26, 2023Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.

Affected (47)

Products: Abus: Tvip 10000 Firmware, Tvip 10001 Firmware, Tvip 10005 Firmware, Tvip 10005a Firmware, Tvip 10005b Firmware, Tvip 10050 Firmware, Tvip 10051 Firmware, Tvip 10055a Firmware, Tvip 10055b Firmware, Tvip 10500 Firmware, Tvip 10550 Firmware, Tvip 11000 Firmware, Tvip 11050 Firmware, Tvip 11500 Firmware, Tvip 11501 Firmware, Tvip 11502 Firmware, Tvip 11550 Firmware, Tvip 11551 Firmware, Tvip 11552 Firmware, Tvip 20000 Firmware, Tvip 20050 Firmware, Tvip 20500 Firmware, Tvip 20550 Firmware, Tvip 21000 Firmware, Tvip 21050 Firmware, Tvip 21500 Firmware, Tvip 21501 Firmware, Tvip 21502 Firmware, Tvip 21550 Firmware, Tvip 21551 Firmware, Tvip 21552 Firmware, Tvip 22500 Firmware, Tvip 31000 Firmware, Tvip 31001 Firmware, Tvip 31050 Firmware, Tvip 31500 Firmware, Tvip 31501 Firmware, Tvip 31550 Firmware, Tvip 31551 Firmware, Tvip 32500 Firmware, Tvip 51500 Firmware, Tvip 51550 Firmware, Tvip 71500 Firmware, Tvip 71501 Firmware, Tvip 71550 Firmware, Tvip 71551 Firmware, Tvip 72500 Firmware
Abus
47 products
Tvip 10000 Firmware
Tvip 10001 Firmware
Tvip 10005 Firmware
Tvip 10005a Firmware
Tvip 10005b Firmware
Tvip 10050 Firmware
Tvip 10051 Firmware
Tvip 10055a Firmware
Tvip 10055b Firmware
Tvip 10500 Firmware
Tvip 10550 Firmware
Tvip 11000 Firmware
Tvip 11050 Firmware
Tvip 11500 Firmware
Tvip 11501 Firmware
Tvip 11502 Firmware
Tvip 11550 Firmware
Tvip 11551 Firmware
Tvip 11552 Firmware
Tvip 20000 Firmware
Tvip 20050 Firmware
Tvip 20500 Firmware
Tvip 20550 Firmware
Tvip 21000 Firmware
Tvip 21050 Firmware
Tvip 21500 Firmware
Tvip 21501 Firmware
Tvip 21502 Firmware
Tvip 21550 Firmware
Tvip 21551 Firmware
Tvip 21552 Firmware
Tvip 22500 Firmware
Tvip 31000 Firmware
Tvip 31001 Firmware
Tvip 31050 Firmware
Tvip 31500 Firmware
Tvip 31501 Firmware
Tvip 31550 Firmware
Tvip 31551 Firmware
Tvip 32500 Firmware
Tvip 51500 Firmware
Tvip 51550 Firmware
Tvip 71500 Firmware
Tvip 71501 Firmware
Tvip 71550 Firmware
Tvip 71551 Firmware
Tvip 72500 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 10000 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 10000
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 10001 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 10001
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 10005 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 10005
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 10005a Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 10005a
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 10005b Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 10005b
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 10050 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 10050
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 10051 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 10051
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 10055a Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 10055a
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 10055b Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 10055b
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 10500 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 10500
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 10550 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 10550
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 11000 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 11000
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 11050 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 11050
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 11500 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 11500
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 11501 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 11501
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 11502 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 11502
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 11550 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 11550
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 11551 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 11551
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 11552 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 11552
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 20000 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 20000
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 20050 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 20050
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 20500 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 20500
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 20550 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 20550
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 21000 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 21000
All versions
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 21050 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 21050
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 21500 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 21500
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 21501 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 21501
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 21502 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 21502
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 21550 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 21550
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 21551 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 21551
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 21552 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 21552
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 22500 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 22500
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 31000 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 31000
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 31001 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 31001
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 31050 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 31050
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 31500 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 31500
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 31501 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 31501
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 31550 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 31550
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 31551 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 31551
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 32500 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 32500
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 51500 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 51500
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 51550 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 51550
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 71500 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 71500
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 71501 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 71501
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 71550 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 71550
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 71551 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 71551
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tvip 72500 Firmware
All versions
Running on/withPlatform Versions
Abus
Tvip 72500
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.