CVE-2018-10660
CRITICALAxis A1001 Firmware < 1.65.1 - OS Command Injection
Title source: ruleDescription
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
Exploits (2)
metasploit
WORKING POC
EXCELLENT
by Or Peles, wvu, sinn3r, Brent Cook, Jacob Robles, Matthew Kienow, Shelby Pace, Chris Lee, Cale Black · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/axis_srv_parhand_rce.rb
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/45100
References (4)
Scores
CVSS v3
9.8
EPSS
0.9133
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-78
Status
published
Affected Products (50)
axis/a1001_firmware
< 1.65.1
axis/a8004-v_firmware
< 1.65.2
axis/a8105-e_firmware
< 1.65.2
axis/a9161_firmware
< 1.65.0
axis/a9188_firmware
< 1.65.0
axis/a9188-v_firmware
< 1.65.0
axis/c1004-e_firmware
< 1.81.040.1
axis/c2005_firmware
< 1.81.040.1
axis/c3003-e_firmware
< 1.81.040.1
axis/c8033_firmware
< 1.81.040.1
axis/companion_bullet_le_firmware
< 8.20.1
axis/companion_c360_firmware
< 7.15.2.3
axis/companion_cube_l_firmware
< 8.20.1
axis/companion_cube_lw_firmware
< 8.20.1
axis/companion_dome_v_firmware
< 8.20.1
... and 35 more
Timeline
Published
Jun 26, 2018
Tracked Since
Feb 18, 2026