Full title: IDS VSE IP Camera - Authenticated Remote Code Execution Vulnerability 
Category: remote exploits
Platform: hardware
The ctrl.cgi script on the device's webserver that runs as root is vulnerable to remote command execution by an authenticated user, with the default password being "admin:admin". The sntpip GET parameter is fed to the command line by the CGI script without sanitization for semicolons, allowing any authenticated bad actor to escape out of the system command and execute commands of their choice. This is particularly dangerous because the platform this camera runs on is Linux and has wget which could be used for downloading malware. Anyone could infect these IP cameras for use in a botnet.

# 0day.today @ http://0day.today/