PT-2024-8353 · Unknown · Mipc Camera
Joern
·
Published
2024-03-17
·
Updated
2024-09-20
·
CVE-2024-39091
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MIPC Camera firmware versions prior to 5.4.1.240424171021
Description
The issue is related to an OS command injection vulnerability in the ccm debug component. This vulnerability can be exploited by sending a crafted HTTP request, allowing an attacker to execute arbitrary commands. The vulnerability is critical and may put millions of devices at risk.
Recommendations
For MIPC Camera firmware versions prior to 5.4.1.240424171021, update the firmware to version 5.4.1.240424171021 or later to resolve the issue. As a temporary workaround, consider restricting access to the ccm debug component until a patch is applied. Avoid using the vulnerable component until the issue is resolved.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mipc Camera