Full Disclosure mailing list archives
SSD Advisory – Vacron NVR Remote Command Execution
From: Maor Shwartz <maors () beyondsecurity com>
Date: Sun, 8 Oct 2017 09:59:16 +0300
SSD Advisory – Vacron NVR Remote Command Execution Full report: https://blogs.securiteam.com/index.php/archives/3445 Twitter: @SecuriTeam_SSD Weibo: SecuriTeam_SSD Vulnerability Summary The following advisory describes a remote command execution vulnerability. VACRON Specializing in “various types of mobile monitoring, CCTV monitoring system, IP remote image monitoring system monitoring and other related production, and can accept ODM, OEM and other customized orders, the main products: driving recorder, CCTV analog monitoring system, CMS, IP Cam, etc.” Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response We tried to contact Vacron since September 5 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for the vulnerability. -- Thanks Maor Shwartz Beyond Security GPG Key ID: 93CC36E2DE7FF514
Attachment:
SSD Advisory – Vacron NVR Remote Command Execution – SecuriTeam Blogs.pdf
Description:
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- SSD Advisory – Vacron NVR Remote Command Execution Maor Shwartz (Oct 10)