{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38027", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2023-07-12T00:37:03.717Z", "datePublished": "2023-08-28T03:37:19.941Z", "dateUpdated": "2024-08-02T17:23:27.968Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SpotCam Sense", "vendor": "SPOTCAM CO., LTD.", "versions": [{"status": "affected", "version": "2.2044"}]}], "datePublic": "2023-08-31T01:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">SpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.</span>\n\n"}], "value": "\nSpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.\n\n"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "CWE 78 OS Command Injection", "lang": "en"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2023-08-28T03:37:19.941Z"}, "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7334-351fb-1.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\n\n\nUpdate firmware version to \n\n<span style=\"background-color: rgb(255, 255, 255);\">v2.2046</span>\n\n or later.<br>"}], "value": "\n\n\n\n\nUpdate firmware version to \n\nv2.2046\n\n or later.\n"}], "source": {"advisory": "TVN-202308007", "discovery": "EXTERNAL"}, "title": "SpotCam Co., Ltd. SpotCam Sense - Command Injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:23:27.968Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7334-351fb-1.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:myspotcam:sense_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D84520FA-1323-47CE-BFA2-AA0C593A8C42", "versionEndExcluding": "2.2046", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:myspotcam:sense:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC68B2F8-BEBD-4E0A-8565-715481FB854A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nSpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.\n\n"}, {"lang": "es", "value": "La funci\u00f3n oculta Telnet de SpotCam Sense de SpotCam Co. Ltd. tiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Un atacante remoto no autenticado puede explotar esta vulnerabilidad para ejecutar un ataque de inyecci\u00f3n de comandos para ejecutar comandos arbitrarios del sistema o interrumpir el servicio. "}], "id": "CVE-2023-38027", "lastModified": "2023-08-29T16:24:23.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2023-08-28T04:15:17.160", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7334-351fb-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}