PT-2022-25539 · Unknown · Mipc Camera Firmware

Joshua Wang

Published

2022-09-26

Updated

2023-08-08

CVE-2022-40785

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions mIPC camera firmware version 5.3.1.2003161406

Description Unsanitized input when setting a locale file leads to shell injection in the firmware. This allows an attacker to gain remote code execution on cameras running the firmware when a victim logs into a specially crafted mobile app.

Recommendations For mIPC camera firmware version 5.3.1.2003161406, consider disabling the locale file setting feature until a patch is available to prevent shell injection and potential remote code execution.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2022-40785

Affected Products

Mipc Camera Firmware

PT-2022-25539 · Unknown · Mipc Camera Firmware

CVE-2022-40785

Weakness Enumeration

Related Identifiers

Affected Products

References · 5