CVE-2018-3937
7.2
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD
Description
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability.
Affected (14)
Products: Sony: Snc Eb600 Firmware, Snc Eb630 Firmware, Snc Eb600b Firmware, Snc Eb630b Firmware, Snc Eb602r Firmware, Snc Eb632r Firmware, Snc Em600 Firmware, Snc Em601 Firmware, Snc Em630 Firmware, Snc Em631 Firmware, Snc Em602r Firmware, Snc Em632r Firmware, Snc Em602rc Firmware, Snc Em632rc Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.87.00 |
| Running on/with | Platform Versions |
|---|---|
Sony Snc Eb600 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.87.00 |
| Running on/with | Platform Versions |
|---|---|
Sony Snc Eb630 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.87.00 |
| Running on/with | Platform Versions |
|---|---|
Sony Snc Eb600b | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.87.00 |
| Running on/with | Platform Versions |
|---|---|
Sony Snc Eb630b | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.87.00 |
| Running on/with | Platform Versions |
|---|---|
Sony Snc Eb602r | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.87.00 |
| Running on/with | Platform Versions |
|---|---|
Sony Snc Eb632r | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.87.00 |
| Running on/with | Platform Versions |
|---|---|
Sony Snc Em600 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.87.00 |
| Running on/with | Platform Versions |
|---|---|
Sony Snc Em601 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.87.00 |
| Running on/with | Platform Versions |
|---|---|
Sony Snc Em630 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.87.00 |
| Running on/with | Platform Versions |
|---|---|
Sony Snc Em631 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.87.00 |
| Running on/with | Platform Versions |
|---|---|
Sony Snc Em602r | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.87.00 |
| Running on/with | Platform Versions |
|---|---|
Sony Snc Em632r | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.87.00 |
| Running on/with | Platform Versions |
|---|---|
Sony Snc Em602rc | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.87.00 |
| Running on/with | Platform Versions |
|---|---|
Sony Snc Em632rc | All versions |
References (2)
Source: talos-cna@cisco.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Timeline
No history available yet.