PT-2017-6564 · Airlink101 · Airlink101 Skyipcam1620W

Joaquin Rodriguez Varela +1 · Published 2017-07-24 · Updated 2018-10-09 · CVE-2015-2280

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera version FW AIC1620W 1.1.0-12 20120709 r1192.pck

Description

The issue allows remote authenticated users to execute arbitrary OS commands. This is achieved by injecting shell metacharacters in the mac parameter of the snwrite.cgi endpoint.

Recommendations

For AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera version FW AIC1620W 1.1.0-12 20120709 r1192.pck, consider restricting access to the snwrite.cgi endpoint until a patch is available. As a temporary workaround, avoid using the mac parameter in the snwrite.cgi endpoint to minimize the risk of exploitation.
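
While access to snwrite.cgi is being restricted, requests that still reach it can be reviewed for mac values that are not a plain MAC address. The following is an added example, not part of the original advisory and not vendor code. It assumes a combined-format access log from a proxy in front of the camera and that mac travels in the query string; the URL path, the accepted MAC formats and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Allowlist (assumed formats): six hex octets joined by one consistent
# separator (':' or '-'), or twelve bare hex digits. Anything else is flagged.
MAC_RE = re.compile(
    r"[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}|[0-9A-Fa-f]{12}"
)
# Request target inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')


def suspicious_mac_values(log_line):
    """Return decoded mac values of a snwrite.cgi request that fail the allowlist."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not unquote(url.path).lower().endswith("snwrite.cgi"):
        return []
    flagged = []
    # Split on '&' only, so a ';' inside a value is never treated as a separator.
    for pair in url.query.split("&"):
        name, _, raw = pair.partition("=")
        if unquote_plus(name) == "mac":
            value = unquote_plus(raw)  # percent-decode before validating
            if not MAC_RE.fullmatch(value):
                flagged.append(value)
    return flagged


def scan(lines):
    """Return (line_number, flagged_values) for every line with a bad mac value."""
    results = []
    for number, line in enumerate(lines, 1):
        hits = suspicious_mac_values(line)
        if hits:
            results.append((number, hits))
    return results


# Constructed sample log lines (documentation addresses, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - admin [24/Jul/2017:10:00:01 +0000] "GET /snwrite.cgi?mac=00:11:22:33:44:55 HTTP/1.1" 200 12',
    '192.0.2.10 - admin [24/Jul/2017:10:00:05 +0000] "GET /snwrite.cgi?mac=001122334455%3Becho+test HTTP/1.1" 200 12',
    '192.0.2.11 - admin [24/Jul/2017:10:00:09 +0000] "GET /index.cgi?mac=x%7Cy HTTP/1.1" 200 512',
    '192.0.2.12 - admin [24/Jul/2017:10:00:14 +0000] "GET /snwrite.cgi?mac=00-11-22-33-44-55&mac=%60id%60 HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: non-MAC value(s) in mac parameter: {hits!r}")
```

Validating against an allowlist rather than searching for specific metacharacters means encoded or unusual characters are flagged without having to enumerate them.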

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2015-2280

Affected Products

Airlink101 Skyipcam1620W