CVE-2021-40378
Published 2021-09-01
CVE-2021-40378: An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device.
Priority P262, high, CVSS 3.1 score 8.1
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EXPLOIT
EPSS: 15.02% (96.3th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| comprotech | ip570_firmware | — | — |
| comprotech | ip70_firmware | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP GET requests targeting the path /cgi-bin/support/killps.cgi on Compro IP camera devices; any access to this endpoint triggers full device data deletion (DoS/destructive action).
- Flag this endpoint as a backdoor: it is pre-installed on affected firmware versions (IP70 2.08_7130218, IP570 2.08_7130520, IP60, TN540) and requires only an authenticated session to trigger.
- Exploitation requires a prior authenticated session on the device; unauthenticated access alone may not trigger the destructive action.
- Affected firmware versions are specifically IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540; detections should be scoped to these device/firmware combinations.
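
The monitoring step above, sketched as an added example (not part of the original entry and not vendor code). It assumes Common/Combined Log Format lines from a reverse proxy or sensor placed in front of the cameras; the function names, the severity labels and the sample log lines are constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Path named in CVE-2021-40378; compared after normalisation.
KILLPS_PATH = "/cgi-bin/support/killps.cgi"

# host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def normalise_path(target):
    """Reduce a request target to one canonical path so that equivalent
    spellings of the same path compare equal."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    if "://" in path:  # absolute-form target, as logged by forward proxies
        path = "/" + path.split("://", 1)[1].partition("/")[2]
    for _ in range(2):  # second pass covers double percent-encoding
        path = unquote(path)
    # Collapse //, ./ and ../; lower-casing is a precaution (assumption).
    return normpath("/" + path.lstrip("/")).lower()

def find_killps_requests(lines):
    """Return one finding per log line that requests killps.cgi."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m or normalise_path(m["target"]) != KILLPS_PATH:
            continue
        status = int(m["status"])
        findings.append({
            "line": n, "src": m["src"], "user": m["user"], "ts": m["ts"],
            "method": m["method"], "status": status,
            # Assumption: a 2xx reply means the device served the request;
            # anything else is treated as a refused or failed attempt.
            "severity": "critical" if 200 <= status < 300 else "warning",
        })
    return findings

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Sep/2021:10:00:01 +0000] "GET /cgi-bin/support/killps.cgi HTTP/1.1" 200 0',
    '192.0.2.11 - - [01/Sep/2021:10:00:05 +0000] "GET /cgi-bin//support/%6Billps.cgi?x=1 HTTP/1.1" 401 120',
    '192.0.2.12 - admin [01/Sep/2021:10:01:00 +0000] "GET /cgi-bin/view/image HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for finding in find_killps_requests(SAMPLE_LOG):
        print(finding)
```

Feed it only logs for devices in the affected firmware list so that findings stay scoped as the last bullet recommends.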
CVSS provenance
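| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| nvd | v2.0 | 8.5 | HIGH | AV:N/AC:L/Au:S/C:N/I:C/A:C |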
No detection rules found.
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/164024/Compro-Technology-IP-Camera-Denial-Of-Service.html
- https://github.com/icekam/0day/blob/main/Compro-Technology-Camera-has-multiple-vulnerabilities.md
Published: 2021-09-01