CVE-2015-8257

The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
References
Link Resource
http://packetstormsecurity.com/files/138083/AXIS-Authenticated-Remote-Command-Execution.html Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/92159 Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/40171/ Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/138083/AXIS-Authenticated-Remote-Command-Execution.html Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/92159 Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/40171/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:axis:network_camera_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:axis:cannon_network_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:explosion-protected_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fixed_box_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fixed_bullet_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fixed_dome_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:modular_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:onboard_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:panoramic_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:ptz_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:thermal_camera:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:38

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/138083/AXIS-Authenticated-Remote-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/138083/AXIS-Authenticated-Remote-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/92159 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/92159 - Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/40171/ - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/40171/ - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2017-05-02 14:59

Updated : 2024-11-21 02:38


NVD link : CVE-2015-8257

Mitre link : CVE-2015-8257

CVE.ORG link : CVE-2015-8257


JSON object : View

Products Affected

axis

  • ptz_camera
  • thermal_camera
  • fixed_box_camera
  • explosion-protected_camera
  • fixed_bullet_camera
  • panoramic_camera
  • cannon_network_camera
  • modular_camera
  • fixed_dome_camera
  • network_camera_firmware
  • onboard_camera
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')