As a leading security camera service provider, Uniview can meet your security needs in different scenarios. Our IP cameras renders high-quality images even in low illumination environment while featuring smart functions based on video content analytics, and minimizing bandwidth and storage. The most important business value of them is to provide excellent performance at an affordable price.There is a RCE vulnerability in UNV ip camera.Attackers can exploit this vulnerability to get shell.
", "Product": "UNV ip camera", "Homepage": "https://cn.uniview.com/", "DisclosureDate": "2022-04-07", "Author": "AnMing", "FofaQuery": "body=\"Alarm\" && body=\"白牌定制\"", "GobyQuery": "body=\"Alarm\" && body=\"白牌定制\"", "Level": "3", "Impact": "There is a RCE vulnerability in UNV ip camera.Attackers can exploit this vulnerability to get shell.
", "References": [ "http://wiki.peiqi.tech/wiki/iot/%E5%AE%87%E8%A7%86%E7%A7%91%E6%8A%80/%E6%B5%99%E6%B1%9F%E5%AE%87%E8%A7%86%E7%A7%91%E6%8A%80%20%E7%BD%91%E7%BB%9C%E8%A7%86%E9%A2%91%E5%BD%95%E5%83%8F%E6%9C%BA%20ISC%20LogReport.php%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.html" ], "Translation": { "EN": { "Name": "UNV ip camera RCE CNVD-2020-31565", "Product": "UNV ip camera", "VulType": [ "RCE" ], "Tags": [ "RCE" ], "Description": "As a leading security camera service provider, Uniview can meet your security needs in different scenarios. Our IP cameras renders high-quality images even in low illumination environment while featuring smart functions based on video content analytics, and minimizing bandwidth and storage. The most important business value of them is to provide excellent performance at an affordable price.There is a RCE vulnerability in UNV ip camera.Attackers can exploit this vulnerability to get shell.
", "Impact": "There is a RCE vulnerability in UNV ip camera.Attackers can exploit this vulnerability to get shell.
", "Recommendation": "The supplier has released a solution, please pay a attention to manufacturer homepage :https://cn.uniview.com/" }, "CN": { "Name": "浙江宇视科技 网络视频录像机 ISC LogReport.php 远程命令执行漏洞 CNVD-2020-31565", "Product": "浙江宇视科技网络视频录像机", "VulType": [ "RCE" ], "Tags": [ "RCE" ], "Description": "浙江宇视科技网络视频录像机是一款高清无线的网络摄像。
浙江宇视科技网络视频录像机 LogReport.php 文件存在远程命令执行漏洞,攻击者可通过该漏洞执行系统命令。
", "Impact": "浙江宇视科技网络视频录像机 LogReport.php 文件存在远程命令执行漏洞,攻击者可通过该漏洞执行系统命令。
", "Recommendation": "厂商已发布了漏洞修复程序,请及时关注更新:https://cn.uniview.com/
" } }, "Is0day": false, "HasExp": true, "ExpParams": [ { "name": "Command", "type": "input", "value": "id", "show": "" } ], "ExpTips": { "Type": "", "Content": "" }, "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/test.php", "follow_redirect": true, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "test", "bz": "" } ] }, "SetVariable": [ "username|lastbody|regex|admin" ] } ], "ExploitSteps": [ "" ], "Tags": [ "RCE" ], "VulType": [ "RCE" ], "CVEIDs": [ "" ], "CNNVD": [ "" ], "CNVD": [ "CNVD-2020-31565" ], "CVSSScore": "10.0", "AttackSurfaces": { "Application": null, "Support": null, "Service": null, "System": null, "Hardware": null } }