VStarcam C38S Firmware Remote Code Execution Vulnerability
An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR220.127.116.11 and 200V (C38S) KR18.104.22.168 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. An attacker can gain access to the device through a manipulated web UI firmware update.
The information has been provided by VStarcam.
The original article can be found at: http://f1security.co.kr/cve/cve_190314.htm
A remotely exploitable firmware vulnerability exists in the web UI firmware update. An attacker can gain control of the device through a forced firmware update, without any authentication, via upgrade_htmls.cgi in the web application on the custom-built GoAhead web server used on VStarcam devices.
- VStarcam C38S Firmware Kr22.214.171.124
- VStarcam C7824WIP Firmware Kr126.96.36.199
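A detection sketch for the issue described above, added here as an example and not taken from the original advisory or the vendor: it scans access-log lines for requests that reach upgrade_htmls.cgi and records why each one is suspicious. The Combined Log Format (as written by a reverse proxy or gateway in front of the camera), the management subnet, and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: a proxy or gateway in front of the camera logs in Combined Log Format.
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
UPGRADE_CGI = "/upgrade_htmls.cgi"  # endpoint named in the advisory
# Hypothetical management subnet that is allowed to push firmware.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]


def find_upgrade_requests(lines):
    """Return one finding per request that reaches the web UI firmware updater."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Match on the path only: drop the query string, ignore case.
        path = m["path"].split("?", 1)[0].lower()
        if not path.endswith(UPGRADE_CGI):
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source logged as a hostname; out of scope here
        reasons = []
        if m["user"] == "-":
            reasons.append("no authenticated user")
        if not any(src in net for net in MGMT_NETS):
            reasons.append("source outside management subnet")
        if m["status"].startswith("2"):
            reasons.append("request accepted")
        findings.append({"src": str(src), "time": m["ts"],
                         "status": int(m["status"]), "reasons": reasons})
    return findings


# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '10.20.0.5 - admin [14/Mar/2019:09:12:01 +0900] "POST /upgrade_htmls.cgi HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.45 - - [14/Mar/2019:09:15:44 +0900] "POST /upgrade_htmls.cgi HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.45 - - [14/Mar/2019:09:15:50 +0900] "GET / HTTP/1.1" 200 1024 "-" "-"',
    '198.51.100.7 - - [14/Mar/2019:09:20:03 +0900] "POST /upgrade_htmls.cgi HTTP/1.1" 401 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in find_upgrade_requests(SAMPLE_LOG):
        print(finding)
```

A finding that carries all three reasons matches the advisory's scenario: an unauthenticated firmware update request from outside the management network that the server accepted.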