CVE-2019-15498

cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:getvera:vera_edge_firmware:1.7.4452:*:*:*:*:*:*:*
cpe:2.3:h:getvera:vera_edge:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-08-23 04:15

Updated : 2024-02-04 20:20


NVD link : CVE-2019-15498

Mitre link : CVE-2019-15498

CVE.ORG link : CVE-2019-15498


JSON object : View

Products Affected

getvera

  • vera_edge
  • vera_edge_firmware
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')