Vulnerability-Lookup

CVE-2017-9828 (GCVE-0-2017-9828)

Vulnerability from cvelistv5 – Published: 2017-06-23 22:00 – Updated: 2024-09-16 19:35

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GSD-2017-9828

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-9828

Aliases

CVE-2017-9828

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-9828",
    "description": "\u0027/cgi-bin/admin/testserver.cgi\u0027 of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.",
    "id": "GSD-2017-9828"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-9828"
      ],
      "details": "\u0027/cgi-bin/admin/testserver.cgi\u0027 of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.",
      "id": "GSD-2017-9828",
      "modified": "2023-12-13T01:21:07.273180Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-9828",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "\u0027/cgi-bin/admin/testserver.cgi\u0027 of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras",
            "refsource": "MISC",
            "url": "https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:vivotek:network_camera_ib8369_firmware:ib8369-vvtk-0102a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:vivotek:network_camera_ib8369:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:vivotek:network_camera_fd8164_firmware:fd8164-_vvtk-0200b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:vivotek:network_camera_fd8164:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:vivotek:network_camera_fd816ba_firmware:fd816ba-vvtk-010101.:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:vivotek:network_camera_fd816ba:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9828"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "\u0027/cgi-bin/admin/testserver.cgi\u0027 of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-06-23T22:29Z"
    }
  }
}

VAR-201706-1009

Vulnerability from variot - Updated: 2025-04-20 20:16

'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter. VIVOTEKNetworkCameras IB8369, FD8164 and FD816BA are all network camera products of China VIVOTEK. A security vulnerability exists in the /cgi-bin/admin/testserver.cgi file for Web services in VIVOTEKNetworkCamerasIB8369, FD8164, and FD816BA

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-1009",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "network camera fd816ba",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vivotek",
        "version": "fd816ba-vvtk-010101."
      },
      {
        "model": "network camera fd8164",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vivotek",
        "version": "fd8164-_vvtk-0200b"
      },
      {
        "model": "network camera ib8369",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vivotek",
        "version": "ib8369-vvtk-0102a"
      },
      {
        "model": "network camera fd8164",
        "scope": null,
        "trust": 0.8,
        "vendor": "vivotek",
        "version": null
      },
      {
        "model": "network camera fd816ba",
        "scope": null,
        "trust": 0.8,
        "vendor": "vivotek",
        "version": null
      },
      {
        "model": "network camera ib8369",
        "scope": null,
        "trust": 0.8,
        "vendor": "vivotek",
        "version": null
      },
      {
        "model": "ib8369",
        "scope": null,
        "trust": 0.6,
        "vendor": "vivotek",
        "version": null
      },
      {
        "model": "fd8164",
        "scope": null,
        "trust": 0.6,
        "vendor": "vivotek",
        "version": null
      },
      {
        "model": "fd816ba",
        "scope": null,
        "trust": 0.6,
        "vendor": "vivotek",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-12593"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1061"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9828"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:vivotek:network_camera_fd8164_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:vivotek:network_camera_fd816ba_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:vivotek:network_camera_ib8369_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005190"
      }
    ]
  },
  "cve": "CVE-2017-9828",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-9828",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-12593",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-118031",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-9828",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-9828",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-9828",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-12593",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-1061",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118031",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-9828",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-12593"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118031"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1061"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9828"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "\u0027/cgi-bin/admin/testserver.cgi\u0027 of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter. VIVOTEKNetworkCameras IB8369, FD8164 and FD816BA are all network camera products of China VIVOTEK. A security vulnerability exists in the /cgi-bin/admin/testserver.cgi file for Web services in VIVOTEKNetworkCamerasIB8369, FD8164, and FD816BA",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005190"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-12593"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118031"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9828"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-9828",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005190",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1061",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-12593",
        "trust": 0.6
      },
      {
        "db": "OTHER",
        "id": "NONE",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-118031",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9828",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-12593"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118031"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1061"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9828"
      }
    ]
  },
  "id": "VAR-201706-1009",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-12593"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118031"
      }
    ],
    "trust": 1.70625
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "camera device"
        ],
        "sub_category": "camera",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-12593"
      }
    ]
  },
  "last_update_date": "2025-04-20T20:16:44.603000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "VIVOTEK Network Cameras",
        "trust": 0.8,
        "url": "http://www.vivotek.com/network-cameras/#type-filter:path=default|resolution-filter:path=default|snv-filter:path=default|wdr-filter:path=default|lens-filter:path=default|ir-filter:path=default|environment-filter:path=default|views:view=jplist-grid-view"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005190"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-77",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118031"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005190"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9828"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://blog.cal1.cn/post/an%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9828"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9828"
      },
      {
        "trust": 0.1,
        "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-12593"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118031"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1061"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9828"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-12593"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118031"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1061"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9828"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-12593"
      },
      {
        "date": "2017-06-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118031"
      },
      {
        "date": "2017-06-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-9828"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005190"
      },
      {
        "date": "2017-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1061"
      },
      {
        "date": "2017-06-23T22:29:00.163000",
        "db": "NVD",
        "id": "CVE-2017-9828"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-12593"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118031"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-9828"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005190"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1061"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-9828"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1061"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  VIVOTEK Network Camera Product  Web Service of  /cgi-bin/admin/testserver.cgi Vulnerable to shell command insertion",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005190"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1061"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-9828

Vulnerability from fkie_nvd - Published: 2017-06-23 22:29 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	cve@mitre.org	https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras	Third Party Advisory

Impacted products

Vendor	Product	Version
vivotek	network_camera_ib8369_firmware	ib8369-vvtk-0102a
vivotek	network_camera_ib8369	-
vivotek	network_camera_fd8164_firmware	fd8164-_vvtk-0200b
vivotek	network_camera_fd8164	-
vivotek	network_camera_fd816ba_firmware	fd816ba-vvtk-010101.
vivotek	network_camera_fd816ba	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:vivotek:network_camera_ib8369_firmware:ib8369-vvtk-0102a:*:*:*:*:*:*:*",
              "matchCriteriaId": "02C5DB13-2631-42A1-9D33-109626D9B2AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:vivotek:network_camera_ib8369:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CED8977-65CE-47C7-B62D-D604429BF3DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:vivotek:network_camera_fd8164_firmware:fd8164-_vvtk-0200b:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEDC585B-65BF-4A18-96A3-440A45B5527B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:vivotek:network_camera_fd8164:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62D8DD51-8504-493F-A8A2-D260D785903E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:vivotek:network_camera_fd816ba_firmware:fd816ba-vvtk-010101.:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E8D766-0F98-4FDB-95AA-C48B5991DED5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:vivotek:network_camera_fd816ba:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C83867F-EEC1-4C38-90F7-FB32DAB32455",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\u0027/cgi-bin/admin/testserver.cgi\u0027 of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter."
    },
    {
      "lang": "es",
      "value": "\u0027/cgi-bin/admin/testserver.cgi\u0027 del servicio web en la mayor\u00eda de las VIVOTEK Network Cameras es vulnerable a la inyecci\u00f3n de un comando shell, lo que permite a un atacante remoto ejecutar cualquier comando shell como si fuera root mediante una solicitud HTTP manipulada. Esta vulnerabilidad ya esta verificada en VIVOTEK Network Camera IB8369/FD8164/FD816BA; muchas de las otras tienen un firmware similar que puede ser afectado. Un ataque usa metacaracteres shell en el par\u00e1metro sendremail."
    }
  ],
  "id": "CVE-2017-9828",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-23T22:29:00.163",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MCP7-747P-3H68

Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-9828"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-23T22:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "\u0027/cgi-bin/admin/testserver.cgi\u0027 of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.",
  "id": "GHSA-mcp7-747p-3h68",
  "modified": "2022-05-13T01:48:09Z",
  "published": "2022-05-13T01:48:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9828"
    },
    {
      "type": "WEB",
      "url": "https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-12593

Vulnerability from cnvd - Published: 2017-07-04

Title

VIVOTEK Network Cameras IB8369、FD8164和FD816BA存在漏洞

Description

VIVOTEK Network Cameras IB8369、FD8164和FD816BA都是中国晶睿通讯（VIVOTEK）公司的网络摄像机产品。 VIVOTEK Network Cameras IB8369、FD8164和FD816BA中的Web服务的/cgi-bin/admin/testserver.cgi文件存在安全漏洞。攻击者可借助特制的请求利用该漏洞以root权限执行任意的shell命令。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： http://www.vivotek.com/

Reference

https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras

Impacted products

Name
['Vivotek IB8369', 'Vivotek FD8164', 'Vivotek FD816BA']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-9828"
    }
  },
  "description": "VIVOTEK Network Cameras IB8369\u3001FD8164\u548cFD816BA\u90fd\u662f\u4e2d\u56fd\u6676\u777f\u901a\u8baf\uff08VIVOTEK\uff09\u516c\u53f8\u7684\u7f51\u7edc\u6444\u50cf\u673a\u4ea7\u54c1\u3002\r\n\r\nVIVOTEK Network Cameras IB8369\u3001FD8164\u548cFD816BA\u4e2d\u7684Web\u670d\u52a1\u7684/cgi-bin/admin/testserver.cgi\u6587\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u6267\u884c\u4efb\u610f\u7684shell\u547d\u4ee4\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttp://www.vivotek.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-12593",
  "openTime": "2017-07-04",
  "products": {
    "product": [
      "Vivotek IB8369",
      "Vivotek FD8164",
      "Vivotek FD816BA"
    ]
  },
  "referenceLink": "https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras",
  "serverity": "\u9ad8",
  "submitTime": "2017-06-30",
  "title": "VIVOTEK Network Cameras IB8369\u3001FD8164\u548cFD816BA\u5b58\u5728\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-9828 (GCVE-0-2017-9828)

GSD-2017-9828

VAR-201706-1009

FKIE_CVE-2017-9828

GHSA-MCP7-747P-3H68

CNVD-2017-12593

Tags

Sightings

Nomenclature