Strike ID:
E19-d0jy1
CVSS:
9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
2018

Description

A remote OS command injection exists in multiple devices using the Shenzhen TVT Digital Technology API. Due to hardcoded credentials and lack of input sanitization when parsing user supplied data, the vulnerability allows remote attackers to execute arbitrary OS commands with root privileges.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}