Sony IPELA E-Series Webcam Remote Command Execution Vulnerability Warning

Author: Knownsec 404 ZoomEye Team
Chinese version: https://paper.seebug.org/655/

Background

Sony is a global leader in audiovisual, video games, communications products and information technology. It is the first pioneer in portable digital products and one of the largest electronics manufacturers in the world.

On July 20, 2018, remote command execution vulnerabilities in the Sony IPELA E-series webcam were exposed, and the details of the vulnerability were disclosed online. Because this series of cameras does not filter the user's input and splices it directly into a command string that is then executed, an attacker can execute arbitrary commands and go on to take over the camera completely.

The vulnerability is assigned the number CVE-2018-3937 and is not difficult to exploit. According to the description in the original vulnerability details, Sony officially released the patch for the vulnerability on September 19, 2018. On September 24, 2018, the vulnerability was included in the Seebug vulnerability platform. The 404 Team followed up quickly and reproduced the vulnerability.

Vulnerability impact

We searched ZoomEye's Cyberspace Search Engine with the keyword “app: SonyNetworkCamerahttpd” and got 6468 historical IP records. This vulnerability is not difficult to exploit.

The affected devices are distributed by country as follows, mainly in the United States, Vietnam, Germany and other countries.

Vulnerability repair

According to the description in the original vulnerability details, Sony has released the relevant patch to fix the vulnerability. Please download and install the latest firmware according to the corresponding camera model.
Aug 30 '18 #1
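
The root cause described in the Background section, user input spliced into a command string, is shown here next to a hardened pattern. This is an added example, not Sony's firmware code and not code from the original advisory; the tool path, the `--set` option and all function names are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define TOOL "/usr/bin/hypothetical-tool"   /* assumed name, not from the advisory */

/* Vulnerable pattern: request input is spliced into a shell command line.
 * Firmware with this flaw would hand `out` to system() or popen(). */
int build_cmd_unsafe(const char *value, char *out, size_t n) {
    int w = snprintf(out, n, TOOL " --set %s", value);
    return (w >= 0 && (size_t)w < n) ? 0 : -1;
}

/* Returns 1 if the string contains characters a shell treats specially. */
int has_shell_meta(const char *s) {
    return strpbrk(s, ";|&`$()<>\\\"'\n") != NULL;
}

/* Allowlist check: 1 to 32 characters drawn from [A-Za-z0-9_.] only.
 * '-' is excluded, so the value can never be read as an option. */
int is_safe_token(const char *s) {
    size_t len = strlen(s);
    if (len == 0 || len > 32) return 0;
    for (size_t i = 0; i < len; i++) {
        char c = s[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_' || c == '.';
        if (!ok) return 0;
    }
    return 1;
}

/* Hardened pattern: validate first, then build an argument vector for
 * execv() or posix_spawn(), so no shell ever parses the value. */
int build_argv_safe(const char *value, const char *argv[4]) {
    if (!is_safe_token(value)) return -1;
    argv[0] = TOOL; argv[1] = "--set"; argv[2] = value; argv[3] = NULL;
    return 0;
}

int main(void) {
    const char *input = "x;echo INJECTED";   /* constructed sample input */
    char cmd[128];
    const char *argv[4];
    build_cmd_unsafe(input, cmd, sizeof cmd);
    printf("unsafe: %s (shell metacharacters: %d)\n", cmd, has_shell_meta(cmd));
    printf("safe:   %s\n", build_argv_safe(input, argv) ? "rejected" : "accepted");
    return 0;
}
```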