Search
Find a vulnerability
Search criteria
10 vulnerabilities found for tvip_10500_firmware by abus
CVE-2018-17879 (GCVE-0-2018-17879)
Vulnerability from nvd – Published: 2023-10-26 00:00 – Updated: 2024-08-05 11:01
VLAI
Summary
An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
},
{
"tags": [
"x_transferred"
],
"url": "https://sec.maride.cc/posts/abus/#cve-2018-17879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T21:18:31.887Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
},
{
"url": "https://sec.maride.cc/posts/abus/#cve-2018-17879"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17879",
"datePublished": "2023-10-26T00:00:00.000Z",
"dateReserved": "2018-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17878 (GCVE-0-2018-17878)
Vulnerability from nvd – Published: 2023-10-26 00:00 – Updated: 2024-08-05 11:01
VLAI
Summary
Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
},
{
"tags": [
"x_transferred"
],
"url": "https://sec.maride.cc/posts/abus/#cve-2018-17878"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T21:16:03.229Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
},
{
"url": "https://sec.maride.cc/posts/abus/#cve-2018-17878"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17878",
"datePublished": "2023-10-26T00:00:00.000Z",
"dateReserved": "2018-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17559 (GCVE-0-2018-17559)
Vulnerability from nvd – Published: 2023-10-26 00:00 – Updated: 2024-09-11 14:27
VLAI
Summary
Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abus | tvip_72500_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10051_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10055a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10055b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11502_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11552_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21502_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21552_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_22500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31001_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_32500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_51500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_51550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:54:10.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
},
{
"tags": [
"x_transferred"
],
"url": "https://sec.maride.cc/posts/abus/#cve-2018-17559"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10055a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10055b_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11502_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11552_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21502_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21552_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_22500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31001_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_32500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_51500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_51550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvip_72500_firmware",
"vendor": "abus",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-17559",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T20:17:20.719165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T14:27:23.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T21:09:55.388Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
},
{
"url": "https://sec.maride.cc/posts/abus/#cve-2018-17559"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17559",
"datePublished": "2023-10-26T00:00:00.000Z",
"dateReserved": "2018-09-26T00:00:00.000Z",
"dateUpdated": "2024-09-11T14:27:23.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17558 (GCVE-0-2018-17558)
Vulnerability from nvd – Published: 2023-10-26 00:00 – Updated: 2024-09-11 19:29
VLAI
Summary
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abus | tvip_72500_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10051_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10055a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10055b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11502_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11552_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21502_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21552_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_22500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31001_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_32500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_51500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_51550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:54:09.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sec.maride.cc/posts/abus/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10055a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10055b_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11502_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11552_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21502_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21552_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_22500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31001_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_32500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_51500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_51550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvip_72500_firmware",
"vendor": "abus",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-17558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T19:26:35.581606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T19:29:40.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T21:06:55.628Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://sec.maride.cc/posts/abus/"
},
{
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17558",
"datePublished": "2023-10-26T00:00:00.000Z",
"dateReserved": "2018-09-26T00:00:00.000Z",
"dateUpdated": "2024-09-11T19:29:40.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16739 (GCVE-0-2018-16739)
Vulnerability from nvd – Published: 2023-10-26 00:00 – Updated: 2024-09-11 19:33
VLAI
Summary
An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abus | tvip_72500_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10051_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10055a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10055b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11502_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11552_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21502_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21552_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_22500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31001_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_32500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_51500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_51550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:53.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sec.maride.cc/posts/abus/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10055a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10055b_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11502_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11552_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21502_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21552_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_22500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31001_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_32500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_51500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_51550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvip_72500_firmware",
"vendor": "abus",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-16739",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T19:31:27.757792Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T19:33:34.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T21:01:58.444Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://sec.maride.cc/posts/abus/"
},
{
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16739",
"datePublished": "2023-10-26T00:00:00.000Z",
"dateReserved": "2018-09-09T00:00:00.000Z",
"dateUpdated": "2024-09-11T19:33:34.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16739 (GCVE-0-2018-16739)
Vulnerability from cvelistv5 – Published: 2023-10-26 00:00 – Updated: 2024-09-11 19:33
VLAI
Summary
An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abus | tvip_72500_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10051_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10055a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10055b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11502_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11552_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21502_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21552_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_22500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31001_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_32500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_51500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_51550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:53.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sec.maride.cc/posts/abus/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10055a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10055b_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11502_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11552_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21502_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21552_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_22500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31001_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_32500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_51500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_51550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvip_72500_firmware",
"vendor": "abus",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-16739",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T19:31:27.757792Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T19:33:34.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T21:01:58.444Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://sec.maride.cc/posts/abus/"
},
{
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16739",
"datePublished": "2023-10-26T00:00:00.000Z",
"dateReserved": "2018-09-09T00:00:00.000Z",
"dateUpdated": "2024-09-11T19:33:34.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17558 (GCVE-0-2018-17558)
Vulnerability from cvelistv5 – Published: 2023-10-26 00:00 – Updated: 2024-09-11 19:29
VLAI
Summary
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abus | tvip_72500_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10051_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10055a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10055b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11502_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11552_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21502_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21552_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_22500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31001_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_32500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_51500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_51550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:54:09.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sec.maride.cc/posts/abus/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10055a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10055b_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11502_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11552_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21502_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21552_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_22500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31001_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_32500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_51500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_51550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvip_72500_firmware",
"vendor": "abus",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-17558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T19:26:35.581606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T19:29:40.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T21:06:55.628Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://sec.maride.cc/posts/abus/"
},
{
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17558",
"datePublished": "2023-10-26T00:00:00.000Z",
"dateReserved": "2018-09-26T00:00:00.000Z",
"dateUpdated": "2024-09-11T19:29:40.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17879 (GCVE-0-2018-17879)
Vulnerability from cvelistv5 – Published: 2023-10-26 00:00 – Updated: 2024-08-05 11:01
VLAI
Summary
An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
},
{
"tags": [
"x_transferred"
],
"url": "https://sec.maride.cc/posts/abus/#cve-2018-17879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T21:18:31.887Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
},
{
"url": "https://sec.maride.cc/posts/abus/#cve-2018-17879"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17879",
"datePublished": "2023-10-26T00:00:00.000Z",
"dateReserved": "2018-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17878 (GCVE-0-2018-17878)
Vulnerability from cvelistv5 – Published: 2023-10-26 00:00 – Updated: 2024-08-05 11:01
VLAI
Summary
Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
},
{
"tags": [
"x_transferred"
],
"url": "https://sec.maride.cc/posts/abus/#cve-2018-17878"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T21:16:03.229Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
},
{
"url": "https://sec.maride.cc/posts/abus/#cve-2018-17878"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17878",
"datePublished": "2023-10-26T00:00:00.000Z",
"dateReserved": "2018-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17559 (GCVE-0-2018-17559)
Vulnerability from cvelistv5 – Published: 2023-10-26 00:00 – Updated: 2024-09-11 14:27
VLAI
Summary
Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abus | tvip_72500_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10051_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10055a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10055b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_10550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11502_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_11552_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_20550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21502_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_21552_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_22500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31001_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31050_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_31551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_32500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_51500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_51550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71501_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71550_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_71551_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:54:10.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
},
{
"tags": [
"x_transferred"
],
"url": "https://sec.maride.cc/posts/abus/#cve-2018-17559"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10055a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10055b_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_10550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11502_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_11552_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_20550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21502_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_21552_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_22500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31000_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31001_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_31551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_32500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_51500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_51550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71501_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_71551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvip_72500_firmware",
"vendor": "abus",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-17559",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T20:17:20.719165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T14:27:23.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T21:09:55.388Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen"
},
{
"url": "https://sec.maride.cc/posts/abus/#cve-2018-17559"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17559",
"datePublished": "2023-10-26T00:00:00.000Z",
"dateReserved": "2018-09-26T00:00:00.000Z",
"dateUpdated": "2024-09-11T14:27:23.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}