CVE-2015-2279

Name of the Vulnerable Software and Affected Versions AirLive BU-2015 version 1.03.18 AirLive BU-3026 version 1.43 AirLive MD-3025 version 1.81

Description The issue allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write mac, write pid, write msn, write tan, or write hdv parameter. This is due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of the issue may allow a remote attacker to execute arbitrary OS commands using shell metacharacters.

Recommendations For AirLive BU-2015 version 1.03.18, consider disabling the cgi test.cgi script until a patch is available. For AirLive BU-3026 version 1.43, restrict access to the write mac, write pid, write msn, write tan, and write hdv parameters in the cgi test.cgi script to minimize the risk of exploitation. For AirLive MD-3025 version 1.81, avoid using the write mac, write pid, write msn, write tan, and write hdv parameters in the cgi test.cgi script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.