Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the webs.cgi endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-25892.
The specific flaw exists within the webs.cgi endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-25892.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.zerodayinitiative.com/advisories/ZDI-25-805/ |
![]() ![]() |
History
Tue, 02 Sep 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 02 Sep 2025 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the webs.cgi endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-25892. | |
Title | Vacron Camera ping Command Injection Remote Code Execution Vulnerability | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_0
|

Status: PUBLISHED
Assigner: zdi
Published:
Updated: 2025-09-02T20:09:10.690Z
Reserved: 2025-08-05T20:00:38.587Z
Link: CVE-2025-8613

Updated: 2025-09-02T20:09:08.011Z

Status : Received
Published: 2025-09-02T20:15:39.370
Modified: 2025-09-02T20:15:39.370
Link: CVE-2025-8613

No data.

No data.