473,396 Members | 2,108 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > security > insights > sony ipela e-series webcam remote command execution vulnerability warning

Join Bytes and contribute your articles to a community of 473,396 developers and data experts.

Sony IPELA E-Series Webcam Remote Command Execution Vulnerability Warning

1
Author: Knownsec 404 ZoomEye Team
Chinese version: https://paper.seebug.org/655/

Background

Sony is a global leader in audiovisual, video games, communications products and information technology. It is the first pioneer in portable digital products and one of the largest electronics manufacturers in the world.

On July 20, 2018, the Sony IPELA E-series webcam was exposed to remote command execution vulnerabilities, and the details of the vulnerability were disclosed online. Because the series of cameras didn't filter the user's input and directly spliced into a command string and executes, the attacker could execute any command based on this and further completely take over the camera.

The vulnerability is assigned the number CVE-2018-3937. The vulnerability is not difficult to exploit. According to the description in the original vulnerability details, Sony officially has released the patch for the vulnerability on September 19, 2018. On September 24, 2018, the vulnerability was included in the Seebug vulnerability platform. The 404 Team followed up quickly and Vulnerability recurrened the vulnerability.

Vulnerability impact

We use the keyword, “app: SonyNetworkCamerahttpd”, to search on the ZoomEye's Cyberspace Search Engine, and get 6468 IP history record. This vulnerability is not difficult*to exploit.

The countries affected by the vulnerability are distributed as follows, mainly in the United States, Vietnam, Germany and other countries.

Vulnerability repair

According to the description in the original vulnerability details, Sony has released the relevant patch to fix the vulnerability. Please download and install the latest firmware according to the corresponding camera model.
Aug 30 '18 #1
0 3233

Sign in to post your reply or Sign up for a free account.

Similar topics

0
Remote Code Execution error
by: lists | last post by:
Howdy -- I'm using ezContents (http://ezcontents.com). When I try to exicute a module from a menu link I get the follow error: Remote Code Execution Patch Installed on this implementation of...
PHP
3
mySQL Remote Backups - No Access to FTP or Remote Command Line
by: JStrummer | last post by:
I have a mySQL database located on a remote host's server. I would like to schedule a task on my local Windows computer to retrieve a backup/dump of this remote database. I have contacted my...
MySQL Database
3
SQL Server - Remote Command Line Management
by: JDB | last post by:
As a Sys Admin, I was wondering - if I have admin rights to a Win2k machine that is hosting SQL Server 2000, do I have the ability using any command-line tools such as OSQL or ISQL to add, delete,...
Microsoft SQL Server
5
Command Execution
by: Niggy | last post by:
I think I'm missing an execute command here. Please help. Private Sub ListBox1_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles...
ASP.NET
0
Remote Process Execution in vb.net
by: Patrick A. | last post by:
Dll written in VB.NET 2003 to start a command remotely. You can : - launch the command and wait until it's finished. (Ex. 1) - launch the command providing a timeout in seconds, it will wait...
Visual Basic .NET
1
Time delay function/command...between two command execution in VB.NET
by: klmishraa79 | last post by:
i want to know how i can put a time delay between two command execution...i.e. after first command of programm the second command should execute after some fixed delay......i want to use time delay...
.NET Framework
6
Php Secure Shell2 (ssh2) Unable to request command execution onremote host
by: Varlamov Konstantyn | last post by:
I have simple script: <?php $connection = ssh2_connect("ip", 22); ssh2_auth_password($connection,"login","test");
PHP
2
Remote Command a Python Script
by: Ulysse | last post by:
Hello, I've installed Python 2.5 on my WRT54G Linksys Router. On this router a script is executed. This script write a little Pickle database in the router memory. I would like to write...
Python
1
Remote program execution using cgi-perl
by: jasper123 | last post by:
Hello, I am developing a cgi-perl script that takes some value from a html form as input and stores them in a data file. I have a program called "irr" in my server, it is executed just by typing irr...
Perl
0
Asynchronous command execution
by: Mecena | last post by:
hi all! is there a way to abort reader execution when using the asynchronous reader calls with BeginExecuteReader and EndExecuteReader? I have to load millions of records on load and I want to have...
.NET Framework
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!