CVE-2017-5173

EPSS 29.6%CWE-78

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS —EPSS 29.6%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Ciclo de vida

15 feb 2017PoC pública

19 may 2017Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution.

Productos afectados

n/a · Geutebruck IP Cameras

PoCs públicas encontradas — 2

cve_referencewww.exploit-db.com/exploits/41360/no verificado exploitdbwww.exploit-db.com/exploits/41360no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02 https://www.exploit-db.com/exploits/41360/http://www.securityfocus.com/bid/96209