CVE-2023-5677— AXIS M3024 代码注入漏洞

N/A

Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Please refer to the Axis security advisory for more information and solution.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

AXIS M3024 代码注入漏洞

AXIS M7014是一个视频解码器。AXIS M3024是一款网络摄像头。 Axis M3024-L M3025-VE M7014等存在安全漏洞，该漏洞源于VAPIX API tcptest.cgi没有足够的输入验证，允许远程代码执行。

N/A

N/A