Versio.io

CVE-2018-3937

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 14-08-2018 09:29
Last modified: - 19-04-2022 08:15
Total changes: - 2

Description

An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Low
Attack complexity
Network
Attack vector
High
Availability
High
Confidentiality
High
Integrity
High
Privileges required
Unchanged
Scope
None
User interaction
7.2
Base score
1.2
5.9
Exploitability score
Impact score
 

Verification logic

OR
AND
OR
vendor=sony AND product=snc-eb600_firmware AND version=1.87.00
OR
vendor=sony AND product=snc-eb600 AND version=-
AND
OR
vendor=sony AND product=snc-eb630_firmware AND version=1.87.00
OR
vendor=sony AND product=snc-eb630 AND version=-
AND
OR
vendor=sony AND product=snc-eb600b_firmware AND version=1.87.00
OR
vendor=sony AND product=snc-eb600b AND version=-
AND
OR
vendor=sony AND product=snc-eb630b_firmware AND version=1.87.00
OR
vendor=sony AND product=snc-eb630b AND version=-
AND
OR
vendor=sony AND product=snc-eb602r_firmware AND version=1.87.00
OR
vendor=sony AND product=snc-eb602r AND version=-
AND
OR
vendor=sony AND product=snc-eb632r_firmware AND version=1.87.00
OR
vendor=sony AND product=snc-eb632r AND version=-
AND
OR
vendor=sony AND product=snc-em600_firmware AND version=1.87.00
OR
vendor=sony AND product=snc-em600 AND version=-
AND
OR
vendor=sony AND product=snc-em601_firmware AND version=1.87.00
OR
vendor=sony AND product=snc-em601 AND version=-
AND
OR
vendor=sony AND product=snc-em630_firmware AND version=1.87.00
OR
vendor=sony AND product=snc-em630 AND version=-
AND
OR
vendor=sony AND product=snc-em631_firmware AND version=1.87.00
OR
vendor=sony AND product=snc-em631 AND version=-
AND
OR
vendor=sony AND product=snc-em602r_firmware AND version=1.87.00
OR
vendor=sony AND product=snc-em602r AND version=-
AND
OR
vendor=sony AND product=snc-em632r_firmware AND version=1.87.00
OR
vendor=sony AND product=snc-em632r AND version=-
AND
OR
vendor=sony AND product=snc-em602rc_firmware AND version=1.87.00
OR
vendor=sony AND product=snc-em602rc AND version=-
AND
OR
vendor=sony AND product=snc-em632rc_firmware AND version=1.87.00
OR
vendor=sony AND product=snc-em632rc AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2018-3937

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.