CVE-2020-7879

This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command.

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365	Third Party Advisory
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:iptime:c200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:iptime:c200:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:37

Type	Values Removed	Values Added
CVSS	v2 : ~~6.8~~ v3 : ~~9.8~~	v2 : 6.8 v3 : 8.8
References	~~() https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365 - Third Party Advisory~~	() https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365 - Third Party Advisory

Information

Published : 2021-11-30 19:15

Updated : 2024-11-21 05:37

NVD link : CVE-2020-7879

Mitre link : CVE-2020-7879

CVE.ORG link : CVE-2020-7879

JSON object : View

Products Affected

iptime

c200
c200_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2020-7879", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "vuln@krcert.or.kr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-11-30T19:15:08.030", "references": [{"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365", "tags": ["Third Party Advisory"], "source": "vuln@krcert.or.kr"}, {"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "vuln@krcert.or.kr", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command."}, {"lang": "es", "value": "Este problema se ha detectado cuando la c\u00e1mara IP ipTIME C200 se sincroniz\u00f3 con el NAS ipTIME. Es necesario extraer el valor de la c\u00e1mara IP ipTIME porque el NAS ipTIME env\u00eda ans setCookie(\"[COOKIE]\") . El valor se transfiere a la opci\u00f3n --header en el binario de wget, y no presenta ninguna comprobaci\u00f3n de comprobaci\u00f3n. Esta vulnerabilidad permite a atacantes remotos ejecutar un comando remoto"}], "lastModified": "2024-11-21T05:37:58.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:iptime:c200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67D5AC5F-54DC-4806-9D9D-7A11A8296919", "versionEndIncluding": "1.0.16"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:iptime:c200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51EFFE28-E23D-4FB7-9BF2-179DD051B0A7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vuln@krcert.or.kr"}