CVE-2014-8389

Published: Dic 28, 2017 Last Modified: Apr 20, 2025

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

HIGH 10,0

Source: [email protected]

Access Vector: network

Access Complexity: low

Authentication: none

Confidentiality: complete

Integrity: complete

Availability: complete

Description

AI Translation Available

cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,1401

Percentile

0,9th

Updated

EPSS Score Trend (Last 91 Days)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability Non-Repudiation

Potential Impacts:

Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Read Files Or Directories Modify Files Or Directories Read Application Data Modify Application Data Hide Activities

Applicable Platforms

Technologies: AI/ML, Not Technology-Specific, Web Server

Likelihood of Exploit: High

View CWE Details

Operating System

Md-3025 Firmware by Airlive

Product Information

Vendor Airlive

Product Md-3025 Firmware

Version 1.81_21.08.2014

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:airlive:md-3025_firmware:1.81_21.08.2014:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Bu-3026 Firmware by Airlive

Product Information

Vendor Airlive

Product Bu-3026 Firmware

Version 1.43_21.08.2014

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:airlive:bu-3026_firmware:1.43_21.08.2014:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Bu-2015 Firmware by Airlive

Product Information

Vendor Airlive

Product Bu-2015 Firmware

Version 1.03.18_16.06.2014

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:airlive:bu-2015_firmware:1.03.18_16.06.2014:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Poe-200Cam V2 Firmware by Airlive

Product Information

Vendor Airlive

Product Poe-200Cam V2 Firmware

Version lm.1.6.17.01

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:airlive:poe-200cam_v2_firmware:lm.1.6.17.01:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Wl-2000Cam Firmware by Airlive

Product Information

Vendor Airlive

Product Wl-2000Cam Firmware

Version lm.1.6.18_14.10.2011

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:airlive:wl-2000cam_firmware:lm.1.6.18_14.10.2011:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

http://packetstormsecurity.com/files/132585/AirLive-Remote-…

Exploit Mitigation Third Party Advisory VDB Entry

http://packetstormsecurity.com/files/132585/AirLive-Remote-Command-Injection.ht…

http://seclists.org/fulldisclosure/2015/Jul/29

Exploit Mailing List Mitigation Third Party Advisory

http://seclists.org/fulldisclosure/2015/Jul/29

https://www.coresecurity.com/advisories/airlive-multiple-pr…

Exploit Mitigation Technical Description Third Party Advisory

https://www.coresecurity.com/advisories/airlive-multiple-products-os-command-in…

http://www.securityfocus.com/archive/1/535938/100/0/threaded

http://www.securityfocus.com/bid/75559

Exploit Mitigation Third Party Advisory VDB Entry

http://www.securityfocus.com/bid/75559

http://packetstormsecurity.com/files/132585/AirLive-Remote-…

Exploit Mitigation Third Party Advisory VDB Entry

http://packetstormsecurity.com/files/132585/AirLive-Remote-Command-Injection.ht…

http://seclists.org/fulldisclosure/2015/Jul/29

Exploit Mailing List Mitigation Third Party Advisory

http://seclists.org/fulldisclosure/2015/Jul/29

https://www.coresecurity.com/advisories/airlive-multiple-pr…

Exploit Mitigation Technical Description Third Party Advisory

https://www.coresecurity.com/advisories/airlive-multiple-products-os-command-in…

http://www.securityfocus.com/archive/1/535938/100/0/threaded

http://www.securityfocus.com/bid/75559

Exploit Mitigation Third Party Advisory VDB Entry

http://www.securityfocus.com/bid/75559

CVE-2014-8389

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 91 Days)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Common Consequences

Applicable Platforms

Md-3025 Firmware by Airlive

Product Information

Bu-3026 Firmware by Airlive

Product Information

Bu-2015 Firmware by Airlive

Product Information

Poe-200Cam V2 Firmware by Airlive

Product Information

Wl-2000Cam Firmware by Airlive

Product Information

Iscriviti alla newsletter