o EFMNetworks Co.,Ltd released a security update to address a command injection vulnerability in the ipTIME C200 IP Camera.
|OS command injection
||remote command injection
o This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS.
o The ipTIME IP camera has to extract a value because the ipTIME NAS sends setCookie('[COOKIE]').
o The value is passed to the --header option of the wget binary, and it is not validated.
This vulnerability allows remote attackers to execute commands remotely.
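The fix pattern for the flaw described above, as an added example in C that is not EFM's firmware code: validate the extracted cookie value against an allowlist, then hand it to wget as a single argv element instead of a shell command string. The function names, the 128-byte limit, the allowed character set and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; the firmware's real code is not shown in the advisory. */

/* Allow only characters a cookie string needs. Shell metacharacters, quotes,
 * whitespace and CR/LF (HTTP header injection) are all rejected. */
int cookie_value_ok(const char *v)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.=";
    size_t n = strlen(v);
    if (n == 0 || n > 128)          /* assumed upper bound on cookie length */
        return 0;
    return strspn(v, allowed) == n; /* every byte must be in the allowlist */
}

/* Build an argv vector for wget rather than a shell command string.
 * Handed to execv()/posix_spawn(), argv[2] stays one argument and no shell
 * ever parses it. Returns 0 on success, -1 if the value is rejected. */
int build_wget_argv(const char *cookie, const char *url,
                    char *hdr, size_t hdrsz, const char *argv[5])
{
    if (!cookie_value_ok(cookie))
        return -1;
    int w = snprintf(hdr, hdrsz, "Cookie: %s", cookie);
    if (w < 0 || (size_t)w >= hdrsz) /* refuse truncated headers */
        return -1;
    argv[0] = "wget";
    argv[1] = "--header";
    argv[2] = hdr;
    argv[3] = url;                   /* assumed to be set by the firmware itself */
    argv[4] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from a real device. */
    char hdr[160];
    const char *argv[5];
    const char *samples[] = { "sid=AbC123", "sid=abc;id", "sid=a b" };
    for (size_t i = 0; i < 3; i++)
        printf("%-12s -> %s\n", samples[i],
               build_wget_argv(samples[i], "http://192.0.2.10/", hdr,
                               sizeof hdr, argv) == 0 ? "accepted" : "rejected");
    return 0;
}
```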
□ Affected Product
|ipTIME C200 IP camera
o Update the ipTIME C200 IP Camera firmware to version 1.036 or higher.
o Thanks to Jeongun Baek for reporting this vulnerability.
□ Written by: Incident Analysis Division, Vulnerability Analysis Team