An issue exists in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve access to the device through a manipulated web UI firmware update.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vstarcam c7824iwp_firmware kr75.8.53.20 |
||
vstracm c38s_firmware kr203.18.1.20 |