An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability.
2018-08-14T19:29:01.027
2024-11-21T04:06:20.387
Modified
CVSSv3.0: 9.1 (CRITICAL)
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | sony | snc-eb600_firmware | 1.87.00 | Yes |
| Hardware | sony | snc-eb600 | - | No |
| Operating System | sony | snc-eb630_firmware | 1.87.00 | Yes |
| Hardware | sony | snc-eb630 | - | No |
| Operating System | sony | snc-eb600b_firmware | 1.87.00 | Yes |
| Hardware | sony | snc-eb600b | - | No |
| Operating System | sony | snc-eb630b_firmware | 1.87.00 | Yes |
| Hardware | sony | snc-eb630b | - | No |
| Operating System | sony | snc-eb602r_firmware | 1.87.00 | Yes |
| Hardware | sony | snc-eb602r | - | No |
| Operating System | sony | snc-eb632r_firmware | 1.87.00 | Yes |
| Hardware | sony | snc-eb632r | - | No |
| Operating System | sony | snc-em600_firmware | 1.87.00 | Yes |
| Hardware | sony | snc-em600 | - | No |
| Operating System | sony | snc-em601_firmware | 1.87.00 | Yes |
| Hardware | sony | snc-em601 | - | No |
| Operating System | sony | snc-em630_firmware | 1.87.00 | Yes |
| Hardware | sony | snc-em630 | - | No |
| Operating System | sony | snc-em631_firmware | 1.87.00 | Yes |
| Hardware | sony | snc-em631 | - | No |
| Operating System | sony | snc-em602r_firmware | 1.87.00 | Yes |
| Hardware | sony | snc-em602r | - | No |
| Operating System | sony | snc-em632r_firmware | 1.87.00 | Yes |
| Hardware | sony | snc-em632r | - | No |
| Operating System | sony | snc-em602rc_firmware | 1.87.00 | Yes |
| Hardware | sony | snc-em602rc | - | No |
| Operating System | sony | snc-em632rc_firmware | 1.87.00 | Yes |
| Hardware | sony | snc-em632rc | - | No |