PT-2019-12734 · Vstarcam · Vstarcam 200V+1
Published
2019-05-23
·
Updated
2020-08-24
·
CVE-2019-12289
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
VStarcam 100T (C7824WIP) versions CH-sys-48.53.75.119 through CH-sys-48.53.75.123
VStarcam 200V (C38S) versions CH-sys-48.53.203.119 through CH-sys-48.53.203.123
Description
A remote command execution issue was found in the
upgrade firmware.cgi script. This allows an attacker to execute commands without authentication during a system firmware update. The attacker can modify internal firmware files or steal account information by executing commands.Recommendations
For VStarcam 100T (C7824WIP) versions CH-sys-48.53.75.119 through CH-sys-48.53.75.123, consider restricting access to the
upgrade firmware.cgi script until a patch is available.
For VStarcam 200V (C38S) versions CH-sys-48.53.203.119 through CH-sys-48.53.203.123, consider restricting access to the upgrade firmware.cgi script until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this issue.Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vstarcam 100T
Vstarcam 200V