mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
822 B
822 B
CVE-2015-8257
Description
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
POC
Reference
- http://packetstormsecurity.com/files/138083/AXIS-Authenticated-Remote-Command-Execution.html
- https://www.exploit-db.com/exploits/40171/