'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-16T19:35:20.210Z

Reserved: 2017-06-23T00:00:00Z

Link: CVE-2017-9828

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2017-06-23T22:29:00.163

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-9828

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.