Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-10660

CWE-78OS Command Injection6 documents5 sources
Severity
9.8CRITICAL
EPSS
91.1%
top 0.36%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
390
Axis A1001 FirmwareAxis A8004-v FirmwareAxis A8105-e Firmware+387 more
Timeline
PublishedJun 26
Latest updateJan 22

Description

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages390 packages

NVDaxis/a1001_firmware< 1.65.1
NVDaxis/a9161_firmware< 1.65.0
NVDaxis/a9188_firmware< 1.65.0
NVDaxis/c2005_firmware< 1.81.040.1
NVDaxis/c8033_firmware< 1.81.040.1

🔴Vulnerability Details

2
GHSA
GHSA-j872-mgv6-j7f3: An issue was discovered in multiple models of Axis IP Cameras2022-05-13
CVEList
CVE-2018-10660: An issue was discovered in multiple models of Axis IP Cameras2018-06-26

💥Exploits & PoCs

1
Exploit-DB
Axis Network Camera - .srv to parhand Remote Code Execution (Metasploit)2018-07-27

🔍Detection Rules

2
Suricata
ET WEB_SPECIFIC_APPS Axis Communications Security Camera Command Injection Attempt (CVE-2018-10660) M12025-01-22
Suricata
ET WEB_SPECIFIC_APPS Axis Communications Security Camera Command Injection Attempt (CVE-2018-10660, CVE-2018-10661, CVE-2018-10662) M22025-01-22
CVE-2018-10660 (CRITICAL CVSS 9.8) | An issue was discovered in multiple | cvebase.io