Command Injection Flaw in Pelco Sarix Enhanced Cameras
CVE-2018-7826

8.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Pelco Sarix Enhanced And Spectra Enhanced, Pelco Sarix Enhanced 1st Generation And Spectra Enhanced Ptz
Vendor: CVE Published:; 22 May 2019

Summary

The Pelco Sarix Enhanced Cameras have a vulnerability in their web-based graphical user interface that exposes them to command injection attacks. This flaw allows remote attackers to execute arbitrary commands on the camera, potentially compromising the security and functionality of the device. Proper security measures should be adopted to mitigate the risks associated with this vulnerability.

Affected Version(s)

Pelco Sarix Enhanced and Spectra Enhanced, Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ Pelco Sarix Enhanced and Spectra Enhanced, Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ

References

https://www.schneider-electric.com/en/download/document/S...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 22, 2019
Vulnerability Reserved
Mar 8, 2018