Author: Knownsec 404 ZoomEye Team
Chinese version: https://paper.seebug.or g/655/
Background
Sony is a global leader in audiovisual, video games, communications products and information technology. It is the first pioneer in portable digital products and one of the largest electronics manufacturers in the world.
On July 20, 2018, the Sony IPELA E-series webcam was exposed to remote command execution vulnerabilities , and the details of the vulnerability were disclosed online. Because the series of cameras didn't filter the user's input and directly spliced into a command string and executes, the attacker could execute any command based on this and further completely take over the camera.
The vulnerability is assigned the number CVE-2018-3937. The vulnerability is not difficult to exploit. According to the description in the original vulnerability details, Sony officially has released the patch for the vulnerability on September 19, 2018. On September 24, 2018, the vulnerability was included in the Seebug vulnerability platform. The 404 Team followed up quickly and Vulnerability recurrened the vulnerability.
Vulnerability impact
We use the keyword, “app: SonyNetworkCame rahttpd”, to search on the ZoomEye's Cyberspace Search Engine, and get 6468 IP history record. This vulnerability is not difficult*to exploit.
The countries affected by the vulnerability are distributed as follows, mainly in the United States, Vietnam, Germany and other countries.
Vulnerability repair
According to the description in the original vulnerability details, Sony has released the relevant patch to fix the vulnerability. Please download and install the latest firmware according to the corresponding camera model.
0  3248  Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: lists |
last post by:
Howdy --
I'm using ezContents (http://ezcontents.com).
When I try to exicute a module from a menu link I get the follow error:
Remote Code Execution Patch Installed on this implementation of
ezContents
(Path is /ezcontents/modules/calendar.php)
The suggestion posted to the forum is listed below, but I'm hopping for
a code level fix?
|
by: JStrummer |
last post by:
I have a mySQL database located on a remote host's server. I would
like to schedule a task on my local Windows computer to retrieve a
backup/dump of this remote database.
I have contacted my host, and they indicated that the server is only
open to the Internet via mySQL. Therefore, even if I did have access
to that server's command line (which I don't) to create dumps via
mysqldump, I would not be able to retrieve via FTP.
Does...
|
by: JDB |
last post by:
As a Sys Admin, I was wondering - if I have admin rights to a Win2k machine
that is hosting SQL Server 2000, do I have the ability using any
command-line tools such as OSQL or ISQL to add, delete, or change accounts
registered in SQL Server for the various databases if I don't have access to
a specific account within SQL Server?
I ask, because the question that came up was - what if we have a DBA leave
under less than amicable...
|
by: Niggy |
last post by:
I think I'm missing an execute command here. Please help.
Private Sub ListBox1_SelectedIndexChanged(ByVal sender As System.Object,
ByVal e As System.EventArgs) Handles ListBox1.SelectedIndexChanged
Me.Label1.Text = ListBox1.SelectedItem.Value()
Me.DataGrid1.Visible = False
Me.MySqlCommand2.CommandText = "select * from filename where
Customer_id=" + ListBox1.SelectedItem.Value
Me.MySqlDataTable2.SelectCommand = Me.MySqlCommand2...
|
by: Patrick A. |
last post by:
Dll written in VB.NET 2003 to start a command remotely.
You can :
- launch the command and wait until it's finished. (Ex. 1)
- launch the command providing a timeout in seconds, it will wait until
it's finished. If the command didn't terminate within the timeout, the
command is killed. (Ex. 2)
- launch the command and continue your processing after the command has
been started remotely (Ex. 3).
| | |
by: klmishraa79 |
last post by:
i want to know how i can put a time delay between two command execution...i.e. after first command of programm the second command should
execute after some fixed delay......i want to use time delay other than sleep or timer....is it there any direct delay command like it is in c and c+...looking for ur suggestions.....thanks
|
by: Varlamov Konstantyn |
last post by:
I have simple script:
<?php
$connection = ssh2_connect("ip", 22);
ssh2_auth_password($connection,"login","test");
|
by: Ulysse |
last post by:
Hello,
I've installed Python 2.5 on my WRT54G Linksys Router. On this router
a script is executed. This script write a little Pickle database in
the router memory.
I would like to write another Python script which will be able to :
1. Stop and start the remote script from my Windows Computer. At
present I use Putty to connect to the router by the SSL, then I
|
by: jasper123 |
last post by:
Hello,
I am developing a cgi-perl script that takes some value from a html form as input and stores them in a data file. I have a program called "irr" in my server, it is executed just by typing irr at the shell prompt. Upon execution the program first displays a line describing the types of input required and waits for the input in the next line.I intend to pass the inputs from the values stored in the data file by the script. The following is...
|
by: Mecena |
last post by:
hi all!
is there a way to abort reader execution when using the asynchronous reader calls with BeginExecuteReader and EndExecuteReader?
I have to load millions of records on load and I want to have a form that has the abort button that kills the fetch.
Any ideas?
thanx,
M.
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
