CVE-2020-7879

Name of the Vulnerable Software and Affected Versions: ipTIME C200 IP Camera (affected versions not specified) ipTIME NAS (affected versions not specified)

Description: This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. The ipTIME NAS sends and sets a cookie using setCookie('[COOKIE]'), and the value is transferred to the --header option in the wget binary without any validation check. This allows remote attackers to execute remote commands.

Recommendations: For ipTIME C200 IP Camera, consider disabling the synchronization feature with the ipTIME NAS until a patch is available. For ipTIME NAS, restrict the use of the setCookie function to minimize the risk of exploitation. Avoid using the wget binary with unvalidated input from the ipTIME NAS until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.