본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7848 | EFM ipTIME C200 IP Camera command injection vulnerability2021.02.16
□ Overview
 o EFM networks & multimedia released security update to address command injection vulnerability in ipTIME C200 IP Camera.
Vulnerability Type Impact Severity CVSS Score CVE ID
Improper Input Validation Arbitrary command
execution
High 8.0 CVE-2020-7848
 
□ Description
 o The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script.
 o  To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS command via value.

□ Affected Product
Product Version Platform
EFM ipTIME C200 IP Camera firmware v.1.0.12 Windows
 
□ Solution
 o Update firmware over version 1.0.20
 
□ Reference site
[1] http://iptime.com/iptime/?pageid=1&page_id=126&dfsid=19&dftid=541&uid=22359&mod=document
 
□ Acknowledgements
 o Thanks to JaeHyung Lee, InHyung Lee for reporting this vulnerability
 


□ 작성 : 침해사고분석단 취약점분석팀