cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Airlive
  • Md-3025
  • Bu-3026
  • Bu-3026 Firmware
  • Md-3025 Firmware
  • Bu-2015
  • Wl-2000cam Firmware
  • Wl-2000cam
  • Bu-2015 Firmware
  • Poe-200cam V2 Firmware
  • Poe-200cam V2

Configuration 1 [-]

AND
cpe:2.3:o:airlive:bu-3026_firmware:1.43_21.08.2014:*:*:*:*:*:*:*
cpe:2.3:h:airlive:bu-3026:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:airlive:md-3025_firmware:1.81_21.08.2014:*:*:*:*:*:*:*
cpe:2.3:h:airlive:md-3025:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:airlive:wl-2000cam_firmware:lm.1.6.18_14.10.2011:*:*:*:*:*:*:*
cpe:2.3:h:airlive:wl-2000cam:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:airlive:poe-200cam_v2_firmware:lm.1.6.17.01:*:*:*:*:*:*:*
cpe:2.3:h:airlive:poe-200cam_v2:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:airlive:bu-2015_firmware:1.03.18_16.06.2014:*:*:*:*:*:*:*
cpe:2.3:h:airlive:bu-2015:-:*:*:*:*:*:*:*
References
Link Resource
http://packetstormsecurity.com/files/132585/AirLive-Remote-Command-Injection.html Exploit Mitigation Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2015/Jul/29 Exploit Mailing List Mitigation Third Party Advisory
http://www.securityfocus.com/archive/1/535938/100/0/threaded
http://www.securityfocus.com/bid/75559 Exploit Mitigation Third Party Advisory VDB Entry
https://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection Exploit Mitigation Technical Description Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-12-27T18:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2014-10-22T00:00:00

Link: CVE-2014-8389

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2017-12-28T02:29:03.113

Modified: 2018-10-09T19:53:54.480

Link: CVE-2014-8389

JSON object: View

cve-icon Redhat Information

No data.

CWE