CVE-2018-10660

critical-risk

Published 2018-06-26

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.

Do I need to act?

91.1% chance of exploitation in next 30 days

EPSS score — higher than 9% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

45100

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

A1001 Firmware

A8004-V Firmware

A8105-E Firmware

A9161 Firmware

A9188 Firmware

A9188-V Firmware

C1004-E Firmware

C2005 Firmware

C3003-E Firmware

C8033 Firmware

Companion Bullet Le Firmware

Companion C360 Firmware

Companion Cube L Firmware

Companion Cube Lw Firmware

Companion Dome V Firmware

Companion Dome Wv Firmware

Companion Eye L Firmware

Companion Eye Lve Firmware

Companion Recorder 4Ch Firmware

Companion Recorder 8Ch Firmware

Affected Vendors

Axis

References (8)

Exploit https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-a...

Vendor Advisory https://www.axis.com/files/faq/Advisory_ACV-128401.pdf

Vendor Advisory https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf

Exploit https://www.exploit-db.com/exploits/45100/

Exploit https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-a...

Vendor Advisory https://www.axis.com/files/faq/Advisory_ACV-128401.pdf

Vendor Advisory https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf

Exploit https://www.exploit-db.com/exploits/45100/

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 27/34 · High

Exposure 33/34 · Critical