CVE-2018-17879

CRITICAL

ABUS TVIP Firmware - Unauthenticated Remote Code Execution via CGI Script Injection

Title source: llm
STIX 2.1

Description

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.2185
EPSS Percentile 97.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (47)
abus/tvip_10000_firmware
abus/tvip_10001_firmware
abus/tvip_10005_firmware
abus/tvip_10005a_firmware
abus/tvip_10005b_firmware
abus/tvip_10050_firmware
abus/tvip_10051_firmware
abus/tvip_10055a_firmware
abus/tvip_10055b_firmware
abus/tvip_10500_firmware
... and 37 more
Published Oct 26, 2023
Tracked Since Feb 18, 2026