An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command.
References
Link | Resource |
---|---|
http://f1security.co.kr/cve/cve_190314.htm | Broken Link |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-05-23T17:52:33
Updated: 2019-05-23T17:52:33
Reserved: 2019-05-22T00:00:00
Link: CVE-2019-12289
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-05-23T18:29:01.590
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-12289
JSON object: View
Redhat Information
No data.
CWE