cbcvebase.
CVE-2017-17105
published 2017-12-19

CVE-2017-17105: Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command…

PriorityP189critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
84.56%
99.7th percentile
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request.

Affected

2 ranges
VendorProductVersion rangeFixed in
zivifpr115-204-p-rs_firmware
zivifpr115-204-p-rs_firmware

Detection & IOCsextracted from sources · hover to see the quote

urlcgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot)
pathcgi-bin/iptest.cgi
command-url=$(reboot)
  • Detect unauthenticated GET/POST requests to cgi-bin/iptest.cgi containing shell command substitution patterns (e.g., $(...) or backticks) in the -url parameter, which indicates blind OS command injection attempts.
  • Flag any HTTP request to /cgi-bin/iptest.cgi that includes the parameter -url= with shell metacharacters ($, (, ), `, ;, |) as a high-confidence exploitation attempt against Zivif cameras.
  • The Metasploit module targets this vulnerability specifically against Zivif webcam versions prior to and including v2.3.4.2103; presence of this module in use can be identified by its characteristic request pattern to iptest.cgi.
  • ·Vulnerability affects Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly versions in between; scope of affected firmware range is not fully defined.
  • ·Exploitation requires no authentication, meaning the attack surface is exposed on any network-accessible Zivif camera without additional access controls.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.