470,871 Members | 2,127 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Share your developer knowledge by writing an article on Bytes.

Sony IPELA E-Series Webcam Remote Command Execution Vulnerability Warning

Author: Knownsec 404 ZoomEye Team
Chinese version: https://paper.seebug.org/655/


Sony is a global leader in audiovisual, video games, communications products and information technology. It is the first pioneer in portable digital products and one of the largest electronics manufacturers in the world.

On July 20, 2018, the Sony IPELA E-series webcam was exposed to remote command execution vulnerabilities, and the details of the vulnerability were disclosed online. Because the series of cameras didn't filter the user's input and directly spliced into a command string and executes, the attacker could execute any command based on this and further completely take over the camera.

The vulnerability is assigned the number CVE-2018-3937. The vulnerability is not difficult to exploit. According to the description in the original vulnerability details, Sony officially has released the patch for the vulnerability on September 19, 2018. On September 24, 2018, the vulnerability was included in the Seebug vulnerability platform. The 404 Team followed up quickly and Vulnerability recurrened the vulnerability.

Vulnerability impact

We use the keyword, “app: SonyNetworkCamerahttpd”, to search on the ZoomEye's Cyberspace Search Engine, and get 6468 IP history record. This vulnerability is not difficult*to exploit.

The countries affected by the vulnerability are distributed as follows, mainly in the United States, Vietnam, Germany and other countries.

Vulnerability repair

According to the description in the original vulnerability details, Sony has released the relevant patch to fix the vulnerability. Please download and install the latest firmware according to the corresponding camera model.
Aug 30 '18 #1
0 2849

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

reply views Thread by lists | last post: by
5 posts views Thread by Niggy | last post: by
reply views Thread by Patrick A. | last post: by
2 posts views Thread by Ulysse | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.