CVE-2018-17558
Abus TVIP Command Injection and Hardcoded Credentials
Severity: 9.8 CRITICAL
Description

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.

INFO

Published Date: Oct. 26, 2023, 10:15 p.m.

Last Modified: Sept. 11, 2024, 8:35 p.m.

Remotely Exploitable: Yes

Impact Score: 5.9

Exploitability Score: 3.9
Affected Products

The following products are affected by the CVE-2018-17558 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 Abus tvip_10000_firmware
2 Abus tvip_10001_firmware
3 Abus tvip_10005_firmware
4 Abus tvip_10005a_firmware
5 Abus tvip_10005b_firmware
6 Abus tvip_10050_firmware
7 Abus tvip_10051_firmware
8 Abus tvip_10055a_firmware
9 Abus tvip_10055b_firmware
10 Abus tvip_10500_firmware
11 Abus tvip_10550_firmware
12 Abus tvip_11000_firmware
13 Abus tvip_11050_firmware
14 Abus tvip_11500_firmware
15 Abus tvip_11501_firmware
16 Abus tvip_11502_firmware
17 Abus tvip_11550_firmware
18 Abus tvip_11551_firmware
19 Abus tvip_11552_firmware
20 Abus tvip_20000_firmware
21 Abus tvip_20050_firmware
22 Abus tvip_20500_firmware
23 Abus tvip_20550_firmware
24 Abus tvip_21000_firmware
25 Abus tvip_21050_firmware
26 Abus tvip_21500_firmware
27 Abus tvip_21501_firmware
28 Abus tvip_21502_firmware
29 Abus tvip_21550_firmware
30 Abus tvip_21551_firmware
31 Abus tvip_21552_firmware
32 Abus tvip_22500_firmware
33 Abus tvip_31000_firmware
34 Abus tvip_31001_firmware
35 Abus tvip_31050_firmware
36 Abus tvip_31500_firmware
37 Abus tvip_31501_firmware
38 Abus tvip_31550_firmware
39 Abus tvip_31551_firmware
40 Abus tvip_32500_firmware
41 Abus tvip_51500_firmware
42 Abus tvip_51550_firmware
43 Abus tvip_71500_firmware
44 Abus tvip_71501_firmware
45 Abus tvip_71550_firmware
46 Abus tvip_71551_firmware
47 Abus tvip_72500_firmware
48 Abus tvip_10000
49 Abus tvip_10001
50 Abus tvip_10005
51 Abus tvip_10005a
52 Abus tvip_10005b
53 Abus tvip_10050
54 Abus tvip_10051
55 Abus tvip_10055a
56 Abus tvip_10055b
57 Abus tvip_10500
58 Abus tvip_10550
59 Abus tvip_11000
60 Abus tvip_11050
61 Abus tvip_11500
62 Abus tvip_11501
63 Abus tvip_11502
64 Abus tvip_11550
65 Abus tvip_11551
66 Abus tvip_11552
67 Abus tvip_20000
68 Abus tvip_20050
69 Abus tvip_20500
70 Abus tvip_20550
71 Abus tvip_21000
72 Abus tvip_21050
73 Abus tvip_21500
74 Abus tvip_21501
75 Abus tvip_21502
76 Abus tvip_21550
77 Abus tvip_21551
78 Abus tvip_21552
79 Abus tvip_22500
80 Abus tvip_31000
81 Abus tvip_31001
82 Abus tvip_31050
83 Abus tvip_31500
84 Abus tvip_31501
85 Abus tvip_31550
86 Abus tvip_31551
87 Abus tvip_32500
88 Abus tvip_51500
89 Abus tvip_51550
90 Abus tvip_71500
91 Abus tvip_71501
92 Abus tvip_71550
93 Abus tvip_71551
94 Abus tvip_72500
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2018-17558.

URL Resource
https://sec.maride.cc/posts/abus/ Exploit Third Party Advisory
https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen Third Party Advisory


The following table lists the changes that have been made to the CVE-2018-17558 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Sep. 11, 2024

    Action Type Old Value New Value
    Added CWE CISA-ADP CWE-78
    Added CVSS V3.1 CISA-ADP AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://sec.maride.cc/posts/abus/ No Types Assigned https://sec.maride.cc/posts/abus/ Exploit, Third Party Advisory
    Changed Reference Type https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen No Types Assigned https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen Third Party Advisory
    Added CWE NIST CWE-798
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10005:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10005a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10005b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10050_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10050:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10051_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10051:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10055a_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10055a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10055b_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10055b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11000_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11050_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11050:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11501_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11501:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11502_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11502:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11551_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11551:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11552_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11552:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_20000_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_20000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_20050_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_20050:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_20500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_20500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_20550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_20550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21000_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21050_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21050:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21501_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21501:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21502_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21502:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21551_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21551:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21552_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21552:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_22500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_22500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_31000_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_31000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_31001_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_31001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_31050_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_31050:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_31500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_31500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_31501_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_31501:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_31550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_31550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_31551_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_31551:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_32500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_32500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_51500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_51500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_51550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_51550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_71500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_71500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_71501_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_71501:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_71550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_71550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_71551_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_71551:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_72500:-:*:*:*:*:*:*:*
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2018-17558 is associated with the following CWEs, as recorded in the change history above:

  • CWE-78 (added by CISA-ADP)
  • CWE-798 (added by NIST)

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

Score: 0.21%

Percentile: 0.63760

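CVSS 3.1 - Vulnerability Scoring System

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High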