CVE-2019-8387
Published 2019-05-08
CVE-2019-8387: MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component.
Priority P187 | critical | 9.8 | CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW | EXPLOIT | VulnCheck KEV
Exploited in the wild
EPSS: 55.72% (98.9th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| barni | master_ip_camera01_firmware | — | — |
Detection & IOCs (extracted from sources)
- Detect HTTP GET requests to any of the vulnerable CGI endpoints on Master IP CAM 01 devices where the 'cmd' or 'action' query parameter contains backtick-wrapped shell command injection (e.g., ?cmd=`...` or ?action=`...`)
- Monitor for outbound HTTP requests from IP camera devices containing shell command output in the URI path, indicative of successful RCE exfiltration (e.g., wget with $(id) in the URL)
- The exploit targets firmware version 3.3.4.2103 specifically; the vulnerable CGI endpoints and injection parameters may differ on other firmware versions
- The exploit iterates through 21 CGI endpoints and stops at the first one returning HTTP 200; not all endpoints may be present or reachable on every device configuration
CVSS provenance
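| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |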
GHSA
GHSA-8x2q-3wp4-jgm2: MASTER IPCAMERA01 3
ghsa_unreviewed · 2022-05-24
MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component.
VulnCheck
MASTER IPCAMERA01 3.3.4.2103 Remote Command Execution
vulncheck · 2019 · CVSS 9.8
MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component.
Affected: barni master_ip_camera01_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-13&host_type=src&vulnerability=cve-2019-8387
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-01-06&host_type=src&vulnerability=cve-2019-8387
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-06-29&host_type=src&vulnerability=cve-2019-8387
- https://dashboard.s
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/151725/Master-IP-CAM-01-3.3.4.2103-Remote-Command-Execution.html
- https://syrion.me/blog/
- https://www.exploit-db.com/exploits/46400/