CVE-2019-12289
CRITICALVStarcam C7824WIP and C38S Firmware - Unauthenticated Remote Command Execution via Firmware Update
Title source: llmDescription
An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command.
References (1)
Core 1
Core References
Broken Link x_refsource_misc
http://f1security.co.kr/cve/cve_190314.htm
Scores
CVSS v3
9.8
EPSS
0.0221
EPSS Percentile
80.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (2)
vstracam/c38s_firmware
ch-sys-48.53.203.119\~123
vstracam/c7824wip_firmware
ch-sys-48.53.75.119\~123
Published
May 23, 2019
Tracked Since
Feb 18, 2026