CVE-2022-40785

Published: Sep 26, 2022Modified: May 22, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Unsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3.1.2003161406. This allows an attacker to gain remote code execution on cameras running the firmware when a victim logs into a specially crafted mobile app.

Affected (1)

Products: Mipcm: Mipc Camera Firmware

1 product

Mipc Camera Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mipcm Mipc Camera Firmware	Version 5.3.1.2003161406

Running on/with	Platform Versions
Mipcm Mipc Camera	All versions

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (3)

https://hackmd.io/%40_zOX-PXQQFmCETA_RZIgow/BkOhIU1oc

Source: cve@mitre.org

https://hackmd.io/%40_zOX-PXQQFmCETA_RZIgow/BkOhIU1oc

Source: af854a3a-2127-422b-91ae-364da2661108

https://hackmd.io/@_zOX-PXQQFmCETA_RZIgow/BkOhIU1oc

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.