Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2014-8389

Published: 28/12/2017 Updated: 09/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Airlive

Vulnerability Summary

cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote malicious users to obtain user credentials via crafted HTTP requests.

Vulnerable Product Search on Vulmon Subscribe to Product

airlive bu-3026_firmware 1.43_21.08.2014

airlive md-3025_firmware 1.81_21.08.2014

airlive wl-2000cam_firmware lm.1.6.18_14.10.2011

airlive poe-200cam_v2_firmware lm.1.6.17.01

airlive bu-2015_firmware 1.03.18_16.06.2014

Exploits

Exploit DB: AirLive Remote Command Injection
Core Security Technologies Advisory - AirLive MD-3025, BU-3026, BU-2015, WL-2000CAM, and POE-200CAM are IP cameras designed for professional surveillance and security applications The built-in IR LEDs provide high quality nighttime monitoring These AirLive devices are vulnerable to an OS Command Injection Vulnerability In the case of the MD-3025 ...

References

CWE-78https://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injectionhttp://www.securityfocus.com/bid/75559http://seclists.org/fulldisclosure/2015/Jul/29http://packetstormsecurity.com/files/132585/AirLive-Remote-Command-Injection.htmlhttp://www.securityfocus.com/archive/1/535938/100/0/threadedhttps://nvd.nist.govhttps://packetstormsecurity.com/files/132585/AirLive-Remote-Command-Injection.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook