CVE-2019-17101
MEDIUMNetatmo Smart Indoor Camera Firmware < 4.2.5 - OS Command Injection
Title source: llmDescription
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions.
References (1)
Core 1
Core References
Exploit, Vendor Advisory x_refsource_misc
https://labs.bitdefender.com/2020/04/cracking-the-netatmo-smart-indoor-security-camera/
Scores
CVSS v3
5.7
EPSS
0.0081
EPSS Percentile
52.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Details
CWE
CWE-77
Status
published
Products (1)
netatmo/smart_indoor_camera_firmware
< 4.2.5
Published
Apr 23, 2020
Tracked Since
Feb 18, 2026