Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'P1354 firmware'
2018-04-01
CVE-2018-9156
CWE-434
** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality.
>>>
Vendor:
AXIS
37
Produkty
700 network document server
Storpoint cd
2100 network camera
2110 network camera
2120 network camera
Neteye 200
Neteye 200+
2130 ptz network camera
2400 video server
2401 video server
2420 network camera
2460 network dvr
250s video server
230 mpeg2 video server
2411 video server
2420 video server
2490 serial server
2420-ir network camera
Panorama ptz camera
207w camera
207w network camera
Axis camera control
Device manager
2100 network camera firmware
M1054 network camera
M10 series network cameras firmware
Media control activex control
Axis communications firmware
Network camera firmware
P1354 firmware
M1033-w firmware
P1325-z firmware
Q1910-e firmware
Axis os
Axis os 2016
Axis os 2018
Axis os 2020
Copyright
2024
, cxsecurity.com
Back to Top