CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-12289

An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware or even steal account information by executing a command.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.2%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

http://f1security.co.kr/cve/cve_190314.htm
http://f1security.co.kr/cve/cve_190314.htm

Products affected by CVE-2019-12289

Vstracam » C38s » Version: N/A

cpe:2.3:h:vstracam:c38s:-
Vstracam » C7824wip » Version: N/A

cpe:2.3:h:vstracam:c7824wip:-
Vstracam » C38s Firmware » Version: ch-sys-48.53.203.119~123

cpe:2.3:o:vstracam:c38s_firmware:ch-sys-48.53.203.119~123
Vstracam » C7824wip Firmware » Version: ch-sys-48.53.75.119~123

cpe:2.3:o:vstracam:c7824wip_firmware:ch-sys-48.53.75.119~123

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-12289

Products

Pricing

Contact Us