Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-10-22T20:00:00
Updated: 2024-08-05T08:52:50.548Z
Reserved: 2018-07-03T00:00:00
Link: CVE-2018-13114
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-10-22T20:29:00.287
Modified: 2020-08-24T17:37:01.140
Link: CVE-2018-13114
Redhat
No data.