CNNVD-202510-1260 Information

CNNVD ID

CNNVD-202510-1260

Related CVE

CVE-2016-15047

• CNNVD Published: 2025-10-09

Description (Chinese)

AVTECH IP camera是中国台湾陞泰科技（AVTECH）公司的一系列网络安全摄像头。 AVTECH IP camera 存在安全漏洞，该漏洞源于CloudSetup.cgi管理端点中的exefile参数未经适当验证或白名单处理，可能导致经过身份验证的攻击者执行任意系统命令。

Description (English)

AVTECH IP camera is a series of cyber-security cameras of Taiwan, Taiwan, and AVTECCH. AVTECH IP camera has a security loophole, which stems from the fact that exefile parameters at the CloudSetup.cgi management endpoint are not properly validated or processed by white lists, which may lead to the implementation of arbitrary system orders by an identified assailant.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

陞泰科技

Published

2025-10-09

Last Modified

2026-02-24

References

http://www.search-lab.hu/media/vulnerability_matrix.txt https://web.archive.org/web/20170420145806/ https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities https://web.archive.org/web/20240810225729/ https://www.exploit-db.com/exploits/40500 https://www.sonicwall.com/blog/attackers-actively-targeting-vulnerable-avtech-devices https://www.trendmicro.com/en_us/research/17/c/new-linux-malware-exploits-cgi-vulnerability.html https://www.vulncheck.com/advisories/avtech-cloudsetup-cgi-auth-command-injection https://access.redhat.com/security/cve/cve-2016-15047