472,967 Members | 1,725 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > security > insights > sony ipela e-series webcam remote command execution vulnerability warning

Join Bytes and contribute your articles to a community of 472,967 developers and data experts.

Sony IPELA E-Series Webcam Remote Command Execution Vulnerability Warning

1
Author: Knownsec 404 ZoomEye Team
Chinese version: https://paper.seebug.org/655/

Background

Sony is a global leader in audiovisual, video games, communications products and information technology. It is the first pioneer in portable digital products and one of the largest electronics manufacturers in the world.

On July 20, 2018, the Sony IPELA E-series webcam was exposed to remote command execution vulnerabilities, and the details of the vulnerability were disclosed online. Because the series of cameras didn't filter the user's input and directly spliced into a command string and executes, the attacker could execute any command based on this and further completely take over the camera.

The vulnerability is assigned the number CVE-2018-3937. The vulnerability is not difficult to exploit. According to the description in the original vulnerability details, Sony officially has released the patch for the vulnerability on September 19, 2018. On September 24, 2018, the vulnerability was included in the Seebug vulnerability platform. The 404 Team followed up quickly and Vulnerability recurrened the vulnerability.

Vulnerability impact

We use the keyword, “app: SonyNetworkCamerahttpd”, to search on the ZoomEye's Cyberspace Search Engine, and get 6468 IP history record. This vulnerability is not difficult*to exploit.

The countries affected by the vulnerability are distributed as follows, mainly in the United States, Vietnam, Germany and other countries.

Vulnerability repair

According to the description in the original vulnerability details, Sony has released the relevant patch to fix the vulnerability. Please download and install the latest firmware according to the corresponding camera model.
Aug 30 '18 #1
0 3174

Sign in to post your reply or Sign up for a free account.

Similar topics

0
Remote Code Execution error
by: lists | last post by:
Howdy -- I'm using ezContents (http://ezcontents.com). When I try to exicute a module from a menu link I get the follow error: Remote Code Execution Patch Installed on this implementation of...
PHP
3
mySQL Remote Backups - No Access to FTP or Remote Command Line
by: JStrummer | last post by:
I have a mySQL database located on a remote host's server. I would like to schedule a task on my local Windows computer to retrieve a backup/dump of this remote database. I have contacted my...
MySQL Database
3
SQL Server - Remote Command Line Management
by: JDB | last post by:
As a Sys Admin, I was wondering - if I have admin rights to a Win2k machine that is hosting SQL Server 2000, do I have the ability using any command-line tools such as OSQL or ISQL to add, delete,...
Microsoft SQL Server
5
Command Execution
by: Niggy | last post by:
I think I'm missing an execute command here. Please help. Private Sub ListBox1_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles...
ASP.NET
0
Remote Process Execution in vb.net
by: Patrick A. | last post by:
Dll written in VB.NET 2003 to start a command remotely. You can : - launch the command and wait until it's finished. (Ex. 1) - launch the command providing a timeout in seconds, it will wait...
Visual Basic .NET
1
Time delay function/command...between two command execution in VB.NET
by: klmishraa79 | last post by:
i want to know how i can put a time delay between two command execution...i.e. after first command of programm the second command should execute after some fixed delay......i want to use time delay...
.NET Framework
6
Php Secure Shell2 (ssh2) Unable to request command execution onremote host
by: Varlamov Konstantyn | last post by:
I have simple script: <?php $connection = ssh2_connect("ip", 22); ssh2_auth_password($connection,"login","test");
PHP
2
Remote Command a Python Script
by: Ulysse | last post by:
Hello, I've installed Python 2.5 on my WRT54G Linksys Router. On this router a script is executed. This script write a little Pickle database in the router memory. I would like to write...
Python
1
Remote program execution using cgi-perl
by: jasper123 | last post by:
Hello, I am developing a cgi-perl script that takes some value from a html form as input and stores them in a data file. I have a program called "irr" in my server, it is executed just by typing irr...
Perl
0
Asynchronous command execution
by: Mecena | last post by:
hi all! is there a way to abort reader execution when using the asynchronous reader calls with BeginExecuteReader and EndExecuteReader? I have to load millions of records on load and I want to have...
.NET Framework
0
React to native button blinking effect
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
Software Development
2
Windows 11 and Access Combo Box Issue
by: DJRhino | last post by:
Was curious if anyone else was having this same issue or not.... I was just Up/Down graded to windows 11 and now my access combo boxes are not acting right. With win 10 I could start typing...
Microsoft Access / VBA
2
isladogs
Access Europe meeting on Wed 4 Oct - The future of Access
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 4 Oct 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
Microsoft Access / VBA
0
tracyyun
Can faster file sharing be achieved by connecting computers simultaneously via WiFi and LAN cables
by: tracyyun | last post by:
Hello everyone, I have a question and would like some advice on network connectivity. I have one computer connected to my router via WiFi, but I have two other computers that I want to be able to...
Networking - Hardware / Configuration
2
Energy Model code modification to account for year dependent interest rate
by: giovanniandrean | last post by:
The energy model is structured as follows and uses excel sheets to give input data: 1-Utility.py contains all the functions needed to calculate the variables and other minor things (mentions...
Python
0
isladogs
Access Europe Meeting - Wed 1 Nov - Using SQL Server skills to extend Access
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 1 Nov 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM) Please note that the UK and Europe revert to winter time on...
Microsoft Access / VBA
3
Finding a record, and then saving a new record after the record has been amended.
by: nia12 | last post by:
Hi there, I am very new to Access so apologies if any of this is obvious/not clear. I am creating a data collection tool for health care employees to complete. It consists of a number of...
Microsoft Access / VBA
0
NeoPa
VBA Class Basics (Report Class)
by: NeoPa | last post by:
Introduction For this article I'll be focusing on the Report (clsReport) class. This simply handles making the calling Form invisible until all of the Reports opened by it have been closed, when it...
Microsoft Access / VBA
2
Take a Database to the Next Level
by: GKJR | last post by:
Does anyone have a recommendation to build a standalone application to replace an Access database? I have my bookkeeping software I developed in Access that I would like to make available to other...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!