Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection
CVE-2024-7616

9.8 CRITICAL

Key Information:

Vendor: Edimax
CVE Published: 12 August 2024

What is CVE-2024-7616?

A command injection vulnerability has been identified in Edimax IP cameras, in the cgiFormString function of the ipcam_cgi file. Manipulating the 'host' argument leads to command injection, which can allow an unauthorized party to execute arbitrary commands on the device. The vendor was contacted about this issue but has not yet responded or provided a patch, leaving users at risk of potential attacks.

Affected Version(s)

IC-5150W 3.06

IC-6220DC 3.06

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

jylsec (VulDB User)