The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/138083/AXIS-Authenticated-Remote-Command-Execution.html | Exploit Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/92159 | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/40171/ | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/138083/AXIS-Authenticated-Remote-Command-Execution.html | Exploit Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/92159 | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/40171/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 02:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/138083/AXIS-Authenticated-Remote-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/92159 - Third Party Advisory, VDB Entry | |
References | () https://www.exploit-db.com/exploits/40171/ - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2017-05-02 14:59
Updated : 2024-11-21 02:38
NVD link : CVE-2015-8257
Mitre link : CVE-2015-8257
CVE.ORG link : CVE-2015-8257
JSON object : View
Products Affected
axis
- ptz_camera
- thermal_camera
- fixed_box_camera
- explosion-protected_camera
- fixed_bullet_camera
- panoramic_camera
- cannon_network_camera
- modular_camera
- fixed_dome_camera
- network_camera_firmware
- onboard_camera
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')