Command Injection Vulnerability in Vivotek IB8367A Camera
CVE-2024-7443

9.8 CRITICAL

Key Information:

Vendor

Vivotek

Status
Vendor
CVE Published:
3 August 2024

What is CVE-2024-7443?

A serious security flaw has been identified in the Vivotek IB8367A IP camera, specifically in the upload_file.cgi function. An attacker can manipulate the QUERY_STRING argument, which can lead to command injection. The affected version (VVTK-0100b) has reached end-of-life and is no longer supported by Vivotek, so users are strongly encouraged to migrate to supported alternatives to mitigate the risk of remote exploitation, which can compromise device integrity and expose sensitive information.

Affected Version(s)

IB8367A VVTK-0100b

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Credit

jylsec (VulDB User)