Sign-up

ID

VAR-201905-0469


CVE

CVE-2019-8387


TITLE

MASTER IPCAMERA01 Command injection vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-004440

DESCRIPTION

MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component. MASTER IPCAMERA01 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Master IP CAM 01 is a network camera. A command injection vulnerability exists in Master IP CAM 01 version 3.3.4.2103. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Attackers can exploit this vulnerability to execute illegal commands

Trust: 1.8

sources: NVD: CVE-2019-8387 // JVNDB: JVNDB-2019-004440 // VULHUB: VHN-159822 // VULMON: CVE-2019-8387

AFFECTED PRODUCTS

vendor:barnimodel:master ip camera01scope:eqversion:3.3.4.2103

Trust: 1.0

vendor:barni carlomodel:master ipcamera01scope:eqversion:3.3.4.2103

Trust: 0.8

sources: JVNDB: JVNDB-2019-004440 // NVD: CVE-2019-8387

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8387
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-8387
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201902-725
value: CRITICAL

Trust: 0.6

VULHUB: VHN-159822
value: HIGH

Trust: 0.1

VULMON: CVE-2019-8387
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-8387
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-159822
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8387
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-159822 // VULMON: CVE-2019-8387 // JVNDB: JVNDB-2019-004440 // CNNVD: CNNVD-201902-725 // NVD: CVE-2019-8387

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-159822 // JVNDB: JVNDB-2019-004440 // NVD: CVE-2019-8387

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-725

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201902-725

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004440

PATCH
title:Top Pageurl:http://www.barni.it/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-004440

EXTERNAL IDS
db:PACKETSTORMid:151725
Trust: 2.6
db:NVDid:CVE-2019-8387
Trust: 2.6
db:EXPLOIT-DBid:46400
Trust: 1.8
db:JVNDBid:JVNDB-2019-004440
Trust: 0.8
db:CNNVDid:CNNVD-201902-725
Trust: 0.7
db:VULHUBid:VHN-159822
Trust: 0.1
db:VULMONid:CVE-2019-8387
Trust: 0.1
sources:
            
            
            VULHUB: VHN-159822 // 
            
            
            
            VULMON: CVE-2019-8387 // 
            
            
            
            JVNDB: JVNDB-2019-004440 // 
            
            
            
            CNNVD: CNNVD-201902-725 // 
            
            
            
            NVD: CVE-2019-8387

REFERENCES
url:http://packetstormsecurity.com/files/151725/master-ip-cam-01-3.3.4.2103-remote-command-execution.html
Trust: 3.3
url:https://syrion.me/blog/
Trust: 1.8
url:https://www.exploit-db.com/exploits/46400/
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8387
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8387
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-159822 // 
            
            
            
            VULMON: CVE-2019-8387 // 
            
            
            
            JVNDB: JVNDB-2019-004440 // 
            
            
            
            CNNVD: CNNVD-201902-725 // 
            
            
            
            NVD: CVE-2019-8387

CREDITS
Raffaele Sabato
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201902-725

SOURCES
db:VULHUBid:VHN-159822
db:VULMONid:CVE-2019-8387
db:JVNDBid:JVNDB-2019-004440
db:CNNVDid:CNNVD-201902-725
db:NVDid:CVE-2019-8387

LAST UPDATE DATE
2024-11-23T22:55:33.330000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-159822date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-8387date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-004440date:2019-06-03T00:00:00
db:CNNVDid:CNNVD-201902-725date:2020-08-25T00:00:00
db:NVDid:CVE-2019-8387date:2024-11-21T04:49:49.237

SOURCES RELEASE DATE
db:VULHUBid:VHN-159822date:2019-05-08T00:00:00
db:VULMONid:CVE-2019-8387date:2019-05-08T00:00:00
db:JVNDBid:JVNDB-2019-004440date:2019-06-03T00:00:00
db:CNNVDid:CNNVD-201902-725date:2019-02-18T00:00:00
db:NVDid:CVE-2019-8387date:2019-05-08T14:29:00.547