□ Overview
o EFMNetworks Co.,Ltd released security update to address remote code execution vulnerability in IpTime C200 camara.
Vulnerability
Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
Exposed dangerous method
or function |
remote code execution |
High |
7.5 |
CVE-2021-26614 |
□ Description
o ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command.
□ Affected Product
Affected Product
Product |
Version |
Platform |
IpTime C200 Camera |
1.058 or prior |
Ubuntu 20.04 |
□ Solution
o Update firmware over IpTime C200 Camera 1.060 version or higher.
□ Reference
[1] http://iptime.com/iptime/?page_id=126&pageid=1&mod=&keyword=C200&uid=24015
□ Acknowledgements
[1] Thanks to Inhyeong Yi and Jaehyeong Yi for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀 |