⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2018-10661

6 documents6 sources
Severity
9.8CRITICAL
EPSS
89.4%
top 0.46%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
390
Axis A1001 FirmwareAxis A8004-v FirmwareAxis A8105-e Firmware+387 more
Timeline
PublishedJun 26
Latest updateJan 22

Description

An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages390 packages

NVDaxis/a1001_firmware< 1.65.1
NVDaxis/a9161_firmware< 1.65.0
NVDaxis/a9188_firmware< 1.65.0
NVDaxis/c2005_firmware< 1.81.040.1
NVDaxis/c8033_firmware< 1.81.040.1

🔴Vulnerability Details

3
GHSA
GHSA-5p6f-grw5-jp3r: An issue was discovered in multiple models of Axis IP Cameras2022-05-13
CVEList
CVE-2018-10661: An issue was discovered in multiple models of Axis IP Cameras2018-06-26
VulnCheck
Axis IP Cameras Authorization Bypass Vulnerability2018

💥Exploits & PoCs

1
Exploit-DB
Axis Network Camera - .srv to parhand Remote Code Execution (Metasploit)2018-07-27

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Axis Communications Security Camera Command Injection Attempt (CVE-2018-10660, CVE-2018-10661, CVE-2018-10662) M22025-01-22
CVE-2018-10661 (CRITICAL CVSS 9.8) | An issue was discovered in multiple | cvebase.io