cpe:2.3:o:zavio:f312a_firmware:1.6.03:*:*:*:*:*:*:*
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code.
Max CVSS
9.8
EPSS Score
90.68%
Published
2020-01-29
Updated
2020-02-01
A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream.
Max CVSS
7.5
EPSS Score
86.00%
Published
2020-01-29
Updated
2020-02-01
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.
Max CVSS
10.0
EPSS Score
91.70%
Published
2020-01-29
Updated
2020-02-01
An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information.
Max CVSS
7.5
EPSS Score
86.21%
Published
2020-01-29
Updated
2020-02-01
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!