CVE-2018-17879
CRITICALABUS TVIP Firmware - Unauthenticated Remote Code Execution via CGI Script Injection
Title source: llmDescription
An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://sec.maride.cc/posts/abus/#cve-2018-17879
Scores
CVSS v3
9.8
EPSS
0.2185
EPSS Percentile
97.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (47)
abus/tvip_10000_firmware
abus/tvip_10001_firmware
abus/tvip_10005_firmware
abus/tvip_10005a_firmware
abus/tvip_10005b_firmware
abus/tvip_10050_firmware
abus/tvip_10051_firmware
abus/tvip_10055a_firmware
abus/tvip_10055b_firmware
abus/tvip_10500_firmware
... and 37 more
Published
Oct 26, 2023
Tracked Since
Feb 18, 2026