CVE-2019-8387

CRITICAL EXPLOITED

MASTER IPCAMERA01 <3.3.4.2103 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2019-8387 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Raffaele Sabato.

AI-analyzed exploit summary This exploit targets a command injection vulnerability in Master IP CAM 3.3.4.2103 by sending crafted HTTP requests to various CGI scripts. The payload is injected via the 'cmd' parameter, allowing remote command execution.

Description

MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component.

Exploits (1)

exploitdb WORKING POC
by Raffaele Sabato · pythonwebappscgi
https://www.exploit-db.com/exploits/46400

This exploit targets a command injection vulnerability in Master IP CAM 3.3.4.2103 by sending crafted HTTP requests to various CGI scripts. The payload is injected via the 'cmd' parameter, allowing remote command execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Master IP CAM 3.3.4.2103
No auth needed
Prerequisites: Network access to the target device · Target device running vulnerable firmware
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/46400/
Third Party Advisory x_refsource_misc
https://syrion.me/blog/

Scores

CVSS v3 9.8
EPSS 0.5572
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-12-13
Status published
Products (1)
barni/master_ip_camera01_firmware 3.3.4.2103
Published May 08, 2019
Tracked Since Feb 18, 2026