CVE-2014-6434

GoPro HERO 3+ - OS Command Injection via gpExec Restart Action Parameters

Title source: llm
STIX 2.1

Description

gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-348/

Scores

EPSS 0.0317
EPSS Percentile 86.5%

Details

CWE
CWE-78
Status published
Products (2)
gopro/gopro_hero 3\+
gopro/gopro_hero_firmware 3\+
Published Oct 07, 2014
Tracked Since Feb 18, 2026