CVE-2018-17879

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sec.maride.cc/posts/abus/#cve-2018-17879	Exploit Third Party Advisory
https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen	Third Party Advisory
https://sec.maride.cc/posts/abus/#cve-2018-17879	Exploit Third Party Advisory
https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_10000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_10001:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_10005:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_10005a:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_10005b:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:abus:tvip_10050_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_10050:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:abus:tvip_10051_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_10051:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:abus:tvip_10055a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_10055a:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:abus:tvip_10055b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_10055b:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:abus:tvip_10500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_10500:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:abus:tvip_10550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_10550:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:abus:tvip_11000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_11000:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:abus:tvip_11050_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_11050:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:abus:tvip_11500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_11500:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:abus:tvip_11501_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_11501:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:abus:tvip_11502_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_11502:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:abus:tvip_11550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_11550:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:abus:tvip_11551_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_11551:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:abus:tvip_11552_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_11552:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:abus:tvip_20000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_20000:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:abus:tvip_20050_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_20050:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:abus:tvip_20500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_20500:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:abus:tvip_20550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_20550:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:abus:tvip_21000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_21000:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:abus:tvip_21050_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_21050:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:abus:tvip_21500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_21500:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:abus:tvip_21501_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_21501:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:abus:tvip_21502_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_21502:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:abus:tvip_21550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_21550:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:abus:tvip_21551_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_21551:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:abus:tvip_21552_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_21552:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:abus:tvip_22500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_22500:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:abus:tvip_31000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_31000:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:abus:tvip_31001_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_31001:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:abus:tvip_31050_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_31050:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:abus:tvip_31500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_31500:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:abus:tvip_31501_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_31501:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:abus:tvip_31550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_31550:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:abus:tvip_31551_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_31551:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:abus:tvip_32500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_32500:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND

cpe:2.3:o:abus:tvip_51500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_51500:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND

cpe:2.3:o:abus:tvip_51550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_51550:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND

cpe:2.3:o:abus:tvip_71500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_71500:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND

cpe:2.3:o:abus:tvip_71501_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_71501:-:*:*:*:*:*:*:*

Configuration 45 (hide)

AND

cpe:2.3:o:abus:tvip_71550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_71550:-:*:*:*:*:*:*:*

Configuration 46 (hide)

AND

cpe:2.3:o:abus:tvip_71551_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_71551:-:*:*:*:*:*:*:*

Configuration 47 (hide)

AND

cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:tvip_72500:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:55

Type	Values Removed	Values Added
References	~~() https://sec.maride.cc/posts/abus/#cve-2018-17879 - Exploit, Third Party Advisory~~	() https://sec.maride.cc/posts/abus/#cve-2018-17879 - Exploit, Third Party Advisory
References	~~() https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen - Third Party Advisory~~	() https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen - Third Party Advisory

07 Nov 2023, 17:03

Type	Values Removed	Values Added
First Time		Abus tvip 10005a Firmware Abus tvip 11551 Firmware Abus tvip 31000 Firmware Abus tvip 10000 Abus tvip 31050 Firmware Abus tvip 71550 Firmware Abus tvip 21501 Abus tvip 20000 Firmware Abus tvip 21000 Firmware Abus tvip 10050 Abus tvip 31501 Firmware Abus tvip 21550 Firmware Abus tvip 21551 Abus tvip 11551 Abus tvip 10005 Abus Abus tvip 21552 Firmware Abus tvip 20550 Abus tvip 51550 Abus tvip 10051 Abus tvip 21050 Firmware Abus tvip 21501 Firmware Abus tvip 31001 Firmware Abus tvip 21551 Firmware Abus tvip 20500 Abus tvip 20050 Firmware Abus tvip 71501 Firmware Abus tvip 10050 Firmware Abus tvip 11050 Abus tvip 22500 Abus tvip 71551 Firmware Abus tvip 31500 Abus tvip 11501 Abus tvip 10005 Firmware Abus tvip 11500 Firmware Abus tvip 11502 Abus tvip 11000 Firmware Abus tvip 21500 Firmware Abus tvip 10005b Abus tvip 32500 Abus tvip 11050 Firmware Abus tvip 10500 Firmware Abus tvip 31001 Abus tvip 10005b Firmware Abus tvip 31550 Abus tvip 31500 Firmware Abus tvip 10500 Abus tvip 10055a Firmware Abus tvip 10055b Firmware Abus tvip 10550 Firmware Abus tvip 51500 Firmware Abus tvip 10001 Firmware Abus tvip 21050 Abus tvip 11501 Firmware Abus tvip 10005a Abus tvip 10051 Firmware Abus tvip 71501 Abus tvip 31050 Abus tvip 11000 Abus tvip 72500 Abus tvip 21502 Firmware Abus tvip 11550 Firmware Abus tvip 72500 Firmware Abus tvip 71500 Abus tvip 10001 Abus tvip 20000 Abus tvip 20550 Firmware Abus tvip 31000 Abus tvip 20050 Abus tvip 10550 Abus tvip 11552 Firmware Abus tvip 31551 Firmware Abus tvip 71550 Abus tvip 10055b Abus tvip 32500 Firmware Abus tvip 10000 Firmware Abus tvip 21502 Abus tvip 51500 Abus tvip 11502 Firmware Abus tvip 21552 Abus tvip 11500 Abus tvip 21550 Abus tvip 31501 Abus tvip 31551 Abus tvip 51550 Firmware Abus tvip 11552 Abus tvip 71551 Abus tvip 31550 Firmware Abus tvip 21000 Abus tvip 10055a Abus tvip 71500 Firmware Abus tvip 20500 Firmware Abus tvip 11550 Abus tvip 22500 Firmware Abus tvip 21500
CPE		cpe:2.3:o:abus:tvip_10055b_firmware:-:::::::* cpe:2.3:o:abus:tvip_31551_firmware:-:::::::* cpe:2.3:h:abus:tvip_71551:-:::::::* cpe:2.3:h:abus:tvip_22500:-:::::::* cpe:2.3:o:abus:tvip_20550_firmware:-:::::::* cpe:2.3:h:abus:tvip_21501:-:::::::* cpe:2.3:h:abus:tvip_11050:-:::::::* cpe:2.3:o:abus:tvip_51550_firmware:-:::::::* cpe:2.3:h:abus:tvip_71500:-:::::::* cpe:2.3:h:abus:tvip_31050:-:::::::* cpe:2.3:o:abus:tvip_31550_firmware:-:::::::* cpe:2.3:h:abus:tvip_51550:-:::::::* cpe:2.3:h:abus:tvip_11550:-:::::::* cpe:2.3:o:abus:tvip_10055a_firmware:-:::::::* cpe:2.3:o:abus:tvip_11501_firmware:-:::::::* cpe:2.3:o:abus:tvip_10050_firmware:-:::::::* cpe:2.3:o:abus:tvip_71551_firmware:-:::::::* cpe:2.3:o:abus:tvip_10550_firmware:-:::::::* cpe:2.3:o:abus:tvip_31050_firmware:-:::::::* cpe:2.3:h:abus:tvip_10000:-:::::::* cpe:2.3:h:abus:tvip_10050:-:::::::* cpe:2.3:h:abus:tvip_32500:-:::::::* cpe:2.3:o:abus:tvip_21551_firmware:-:::::::* cpe:2.3:h:abus:tvip_11500:-:::::::* cpe:2.3:o:abus:tvip_21552_firmware:-:::::::* cpe:2.3:o:abus:tvip_20500_firmware:-:::::::* cpe:2.3:h:abus:tvip_11000:-:::::::* cpe:2.3:h:abus:tvip_10051:-:::::::* cpe:2.3:o:abus:tvip_72500_firmware:-:::::::* cpe:2.3:o:abus:tvip_21050_firmware:-:::::::* cpe:2.3:h:abus:tvip_31001:-:::::::* cpe:2.3:o:abus:tvip_31001_firmware:-:::::::* cpe:2.3:o:abus:tvip_10000_firmware:-:::::::* cpe:2.3:o:abus:tvip_10500_firmware:-:::::::* cpe:2.3:o:abus:tvip_21501_firmware:-:::::::* cpe:2.3:h:abus:tvip_21551:-:::::::* cpe:2.3:h:abus:tvip_10001:-:::::::* cpe:2.3:o:abus:tvip_10005_firmware:-:::::::* cpe:2.3:h:abus:tvip_21550:-:::::::* cpe:2.3:o:abus:tvip_71500_firmware:-:::::::* cpe:2.3:o:abus:tvip_31500_firmware:-:::::::* cpe:2.3:o:abus:tvip_21550_firmware:-:::::::* cpe:2.3:h:abus:tvip_31550:-:::::::* cpe:2.3:h:abus:tvip_11551:-:::::::* cpe:2.3:h:abus:tvip_72500:-:::::::* cpe:2.3:h:abus:tvip_31551:-:::::::* cpe:2.3:h:abus:tvip_21000:-:::::::* cpe:2.3:o:abus:tvip_21000_firmware:-:::::::* cpe:2.3:o:abus:tvip_11552_firmware:-:::::::* cpe:2.3:o:abus:tvip_11550_firmware:-:::::::* cpe:2.3:o:abus:tvip_10001_firmware:-:::::::* cpe:2.3:h:abus:tvip_20550:-:::::::* cpe:2.3:o:abus:tvip_10005b_firmware:-:::::::* cpe:2.3:o:abus:tvip_31000_firmware:-:::::::* cpe:2.3:h:abus:tvip_31501:-:::::::* cpe:2.3:o:abus:tvip_71550_firmware:-:::::::* cpe:2.3:o:abus:tvip_11502_firmware:-:::::::* cpe:2.3:h:abus:tvip_21500:-:::::::* cpe:2.3:h:abus:tvip_20050:-:::::::* cpe:2.3:h:abus:tvip_31000:-:::::::* cpe:2.3:o:abus:tvip_20000_firmware:-:::::::* cpe:2.3:h:abus:tvip_21050:-:::::::* cpe:2.3:h:abus:tvip_71550:-:::::::* cpe:2.3:h:abus:tvip_10005:-:::::::* cpe:2.3:o:abus:tvip_11500_firmware:-:::::::* cpe:2.3:o:abus:tvip_51500_firmware:-:::::::* cpe:2.3:h:abus:tvip_51500:-:::::::* cpe:2.3:o:abus:tvip_20050_firmware:-:::::::* cpe:2.3:h:abus:tvip_71501:-:::::::* cpe:2.3:h:abus:tvip_10055a:-:::::::* cpe:2.3:h:abus:tvip_31500:-:::::::* cpe:2.3:o:abus:tvip_11551_firmware:-:::::::* cpe:2.3:h:abus:tvip_10005a:-:::::::* cpe:2.3:h:abus:tvip_11552:-:::::::* cpe:2.3:h:abus:tvip_21502:-:::::::* cpe:2.3:o:abus:tvip_10005a_firmware:-:::::::* cpe:2.3:h:abus:tvip_10500:-:::::::* cpe:2.3:h:abus:tvip_20500:-:::::::* cpe:2.3:o:abus:tvip_31501_firmware:-:::::::* cpe:2.3:o:abus:tvip_32500_firmware:-:::::::* cpe:2.3:o:abus:tvip_22500_firmware:-:::::::* cpe:2.3:h:abus:tvip_21552:-:::::::* cpe:2.3:o:abus:tvip_71501_firmware:-:::::::* cpe:2.3:o:abus:tvip_10051_firmware:-:::::::* cpe:2.3:h:abus:tvip_20000:-:::::::* cpe:2.3:o:abus:tvip_21500_firmware:-:::::::* cpe:2.3:o:abus:tvip_11000_firmware:-:::::::* cpe:2.3:h:abus:tvip_10055b:-:::::::* cpe:2.3:h:abus:tvip_10005b:-:::::::* cpe:2.3:h:abus:tvip_11501:-:::::::* cpe:2.3:h:abus:tvip_11502:-:::::::* cpe:2.3:o:abus:tvip_21502_firmware:-:::::::* cpe:2.3:h:abus:tvip_10550:-:::::::* cpe:2.3:o:abus:tvip_11050_firmware:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CWE		CWE-78
References	~~(MISC) https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen -~~	(MISC) https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen - Third Party Advisory
References	~~(MISC) https://sec.maride.cc/posts/abus/#cve-2018-17879 -~~	(MISC) https://sec.maride.cc/posts/abus/#cve-2018-17879 - Exploit, Third Party Advisory

26 Oct 2023, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-26 22:15

Updated : 2024-11-21 03:55

NVD link : CVE-2018-17879

Mitre link : CVE-2018-17879

CVE.ORG link : CVE-2018-17879

JSON object : View

Products Affected

abus

tvip_11050_firmware
tvip_71500
tvip_10005b_firmware
tvip_10500_firmware
tvip_11500_firmware
tvip_31001
tvip_10005a_firmware
tvip_20500_firmware
tvip_10005
tvip_10005a
tvip_11501
tvip_10055b
tvip_10005b
tvip_31551
tvip_51500_firmware
tvip_31050_firmware
tvip_21552_firmware
tvip_21050
tvip_10050_firmware
tvip_10500
tvip_11552_firmware
tvip_21551_firmware
tvip_20000_firmware
tvip_21550_firmware
tvip_20050
tvip_31000
tvip_21551
tvip_10001_firmware
tvip_21500
tvip_71501_firmware
tvip_31501_firmware
tvip_71500_firmware
tvip_72500_firmware
tvip_10005_firmware
tvip_10550_firmware
tvip_72500
tvip_31000_firmware
tvip_31550
tvip_31550_firmware
tvip_21501
tvip_71550_firmware
tvip_20050_firmware
tvip_71501
tvip_31500
tvip_20550_firmware
tvip_51500
tvip_31050
tvip_21000_firmware
tvip_21000
tvip_10001
tvip_21501_firmware
tvip_10055a
tvip_10055b_firmware
tvip_51550
tvip_21502_firmware
tvip_31500_firmware
tvip_31551_firmware
tvip_51550_firmware
tvip_71551
tvip_11550_firmware
tvip_10051_firmware
tvip_11000_firmware
tvip_10000
tvip_21502
tvip_21500_firmware
tvip_21050_firmware
tvip_32500
tvip_22500
tvip_11000
tvip_20000
tvip_21552
tvip_11550
tvip_20500
tvip_11501_firmware
tvip_11552
tvip_11502
tvip_10050
tvip_11502_firmware
tvip_32500_firmware
tvip_20550
tvip_22500_firmware
tvip_10550
tvip_11551_firmware
tvip_21550
tvip_10000_firmware
tvip_11551
tvip_31001_firmware
tvip_10055a_firmware
tvip_71551_firmware
tvip_10051
tvip_31501
tvip_71550
tvip_11050
tvip_11500

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

9.8 /10