Headline
CVE-2021-26614: KISA 인터넷 보호나라&KrCERT
ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command.
Security Advisory
CVE-2021-26614 | IpTime C200 IP camera remote code execution vulnerability2021.11.15
□ Overview
o EFMNetworks Co.,Ltd released security update to address remote code execution vulnerability in IpTime C200 camara.
Vulnerability Type
Impact
Severity
CVSS Score
CVE ID
Exposed dangerous method
or function
remote code execution
High
7.5
CVE-2021-26614
□ Description
o ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command.
□ Affected Product
Product
Version
Platform
IpTime C200 Camera
1.058 or prior
Ubuntu 20.04
□ Solution
o Update firmware over IpTime C200 Camera 1.060 version or higher.
□ Reference
[1] http://iptime.com/iptime/?page_id=126&pageid=1&mod=&keyword=C200&uid=24015
□ Acknowledgements
[1] Thanks to Inhyeong Yi and Jaehyeong Yi for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀
트위터 페이스북