AirLive Multiple Products OS Command Injection (Jul 2015) - Active Check (CVE-2015-2279, CVE-2014-8389)
收藏pentest-tools.com2025-03-25 收录
下载链接:
https://pentest-tools.com/vulnerabilities-exploits/undefined
下载链接
链接失效反馈官方服务:
资源简介:
There is an OS Command Injection in the cgi_test.cgi binary file in the AirLive MD-3025, BU-3026 and BU-2015 cameras when handling certain parameters. That specific CGI file can be requested without authentication, unless the user specified in the configuration of the camera that every communication should be performed over HTTPS (not enabled by default).
AirLive MD-3025、BU-3026及BU-2015型号摄像头在处理特定参数时,其cgi_test.cgi二进制文件存在操作系统命令注入漏洞。该特定的CGI文件无需身份验证即可请求,除非用户在摄像头配置中指定所有通信均应通过HTTPS进行(默认未启用)。
提供机构:
pentest-tools.com
