CVE-2015-8257

The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
References
Link Resource
https://www.exploit-db.com/exploits/40171/ Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/92159 Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/138083/AXIS-Authenticated-Remote-Command-Execution.html Exploit Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:axis:network_camera_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:axis:fixed_box_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fixed_bullet_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fixed_dome_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:modular_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:explosion-protected_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:onboard_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:ptz_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:cannon_network_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:panoramic_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:thermal_camera:-:*:*:*:*:*:*:*

Information

Published : 2017-05-02 07:59

Updated : 2017-05-16 08:27


NVD link : CVE-2015-8257

Mitre link : CVE-2015-8257


JSON object : View

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Advertisement

dedicated server usa

Products Affected

axis

  • explosion-protected_camera
  • fixed_box_camera
  • fixed_dome_camera
  • modular_camera
  • network_camera_firmware
  • ptz_camera
  • onboard_camera
  • thermal_camera
  • panoramic_camera
  • fixed_bullet_camera
  • cannon_network_camera