CVE-2020-7848

The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.

Summary:

The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.

Reference Links(if available):

  • https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35905
  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)