Description
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330 (Firmware modules) allows OS Command Injection.This issue affects Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330: 0100a, 0106a, 0106b, 0107a, 0107b_1, 0109a, 0112a, 0113a, 0113d, 0117b, 0119e, 0120b, 0121, 0121d, 0121d_48573_1, 0122e, 0124d_48573_1, 012501, 012502, 0125c.
Problem types
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Product status
0100a (custom)
0106a (custom)
0106b (custom)
0107a (custom)
0107b_1 (custom)
0109a (custom)
0112a (custom)
0113a (custom)
0113d (custom)
0117b (custom)
0119e (custom)
0120b (custom)
0121 (custom)
0121d (custom)
0121d_48573_1 (custom)
0122e (custom)
0124d_48573_1 (custom)
012501 (custom)
012502 (custom)
0125c (custom)
Credits
Larry W. Cashdollar
References
www.vapidlabs.com/advisory.php?v=220
www.akamai.com/...ction-vivotek-legacy-firmware-need-to-know