Vulnerabilities > CVE-2021-26614 - Unspecified vulnerability in Iptime C200 Firmware 1.0.12

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

iptime

critical

NVD

Published: 2021-11-22

Updated: 2021-11-26

Summary

ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command.

Vulnerable Configurations

Part	Description	Count
OS	Iptime Iptime C200 Firmware 1.0.12	1
Hardware	Iptime Iptime C200 -	1

References

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36346