CVE-2018-3937

Summary

An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
TalosSonySony IPELA E series G5 firmware 1.87.00affected

Weaknesses

  • command injection

ADP Enrichment

CVE Program Container

Additional References

References