CVE-2018-17879

critical-risk

Published 2023-10-26

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.

Do I need to act?

48.7% chance of exploitation in next 30 days

EPSS score — higher than 51% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Tvip 10000 Firmware

Tvip 10001 Firmware

Tvip 10005 Firmware

Tvip 10005A Firmware

Tvip 10005B Firmware

Tvip 10050 Firmware

Tvip 10051 Firmware

Tvip 10055A Firmware

Tvip 10055B Firmware

Tvip 10500 Firmware

Tvip 10550 Firmware

Tvip 11000 Firmware

Tvip 11050 Firmware

Tvip 11500 Firmware

Tvip 11501 Firmware

Tvip 11502 Firmware

Tvip 11550 Firmware

Tvip 11551 Firmware

Tvip 11552 Firmware

Tvip 20000 Firmware

Affected Vendors

Abus

References (4)

Exploit https://sec.maride.cc/posts/abus/#cve-2018-17879

Third Party Advisory https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-er...

Exploit https://sec.maride.cc/posts/abus/#cve-2018-17879

Third Party Advisory https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-er...

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 18/34 · Moderate

Exposure 25/34 · High