CVE-2018-18600

CVE-2018-18600

CVSS 8.1 HIGHEPSS 1.6%CWE-78

The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://labs.bitdefender.com/2018/12/iot-report-major-flaws-in-guardzilla-cameras-allow-remote-hijack-of-the-security-device/