CVE-2018-17879

Published: Oct 26, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.

Affected (47)

Products: Abus: Tvip 10000 Firmware, Tvip 10001 Firmware, Tvip 10005 Firmware, Tvip 10005a Firmware, Tvip 10005b Firmware, Tvip 10050 Firmware, Tvip 10051 Firmware, Tvip 10055a Firmware, Tvip 10055b Firmware, Tvip 10500 Firmware, Tvip 10550 Firmware, Tvip 11000 Firmware, Tvip 11050 Firmware, Tvip 11500 Firmware, Tvip 11501 Firmware, Tvip 11502 Firmware, Tvip 11550 Firmware, Tvip 11551 Firmware, Tvip 11552 Firmware, Tvip 20000 Firmware, Tvip 20050 Firmware, Tvip 20500 Firmware, Tvip 20550 Firmware, Tvip 21000 Firmware, Tvip 21050 Firmware, Tvip 21500 Firmware, Tvip 21501 Firmware, Tvip 21502 Firmware, Tvip 21550 Firmware, Tvip 21551 Firmware, Tvip 21552 Firmware, Tvip 22500 Firmware, Tvip 31000 Firmware, Tvip 31001 Firmware, Tvip 31050 Firmware, Tvip 31500 Firmware, Tvip 31501 Firmware, Tvip 31550 Firmware, Tvip 31551 Firmware, Tvip 32500 Firmware, Tvip 51500 Firmware, Tvip 51550 Firmware, Tvip 71500 Firmware, Tvip 71501 Firmware, Tvip 71550 Firmware, Tvip 71551 Firmware, Tvip 72500 Firmware

47 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 10000 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 10000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 10001 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 10001	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 10005 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 10005	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 10005a Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 10005a	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 10005b Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 10005b	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 10050 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 10050	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 10051 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 10051	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 10055a Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 10055a	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 10055b Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 10055b	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 10500 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 10500	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 10550 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 10550	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 11000 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 11000	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 11050 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 11050	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 11500 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 11500	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 11501 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 11501	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 11502 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 11502	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 11550 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 11550	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 11551 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 11551	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 11552 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 11552	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 20000 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 20000	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 20050 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 20050	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 20500 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 20500	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 20550 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 20550	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 21000 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 21000	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 21050 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 21050	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 21500 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 21500	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 21501 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 21501	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 21502 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 21502	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 21550 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 21550	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 21551 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 21551	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 21552 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 21552	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 22500 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 22500	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 31000 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 31000	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 31001 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 31001	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 31050 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 31050	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 31500 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 31500	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 31501 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 31501	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 31550 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 31550	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 31551 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 31551	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 32500 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 32500	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 51500 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 51500	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 51550 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 51550	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 71500 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 71500	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 71501 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 71501	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 71550 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 71550	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 71551 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 71551	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Tvip 72500 Firmware	All versions

Running on/with	Platform Versions
Abus Tvip 72500	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

https://sec.maride.cc/posts/abus/#cve-2018-17879

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen

Source: cve@mitre.org

Third Party Advisory

https://sec.maride.cc/posts/abus/#cve-2018-17879

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.