CVE-2020-7879
HIGHipTIME C200 Firmware < 1.0.16 - OS Command Injection via wget Header Option
Title source: llmDescription
This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365
Scores
CVSS v3
8.8
EPSS
0.0140
EPSS Percentile
69.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
iptime/c200_firmware
< 1.0.16
Published
Nov 30, 2021
Tracked Since
Feb 18, 2026