CVE-2022-40785
HIGHmIPC Camera Firmware 5.3.1.2003161406 - Remote Code Execution via Locale File Input
Title source: llmDescription
Unsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3.1.2003161406. This allows an attacker to gain remote code execution on cameras running the firmware when a victim logs into a specially crafted mobile app.
References (2)
Core 2
Core References
Various Sources
https://hackmd.io/@_zOX-PXQQFmCETA_RZIgow/BkOhIU1oc
Various Sources x_refsource_misc
https://hackmd.io/%40_zOX-PXQQFmCETA_RZIgow/BkOhIU1oc
Scores
CVSS v3
8.8
EPSS
0.0196
EPSS Percentile
77.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
mipcm/mipc_camera_firmware
5.3.1.2003161406
Published
Sep 26, 2022
Tracked Since
Feb 18, 2026