CVE-2020-7848

Summary

The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.

Affected Software

VendorProductVersion RangeStatus
EFM networks & multimediaipTIME C200 IP Camera1.0.12 <= 1.0.12affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References