| 标题 | Faraday Technology DVR GM828x, GM8181 OS Command Injection |
|---|
| 描述 | The Faraday Technology GM828x/GM8181 DVR devices have been found to contain a command injection vulnerability within the ntp_srv parameter. This vulnerability may allow an attacker to execute arbitrary system commands on the device with the privileges of the NTP process via a network command protocol, affecting over 27,000 Internet-connected devices. |
|---|
| 来源 | ⚠️ https://netsecfish.notion.site/Command-Injection-in-Faraday-Technology-GM828x-GM8181-DVR-1bc02d17ee5540a08273da2850e809c4?pvs=4 |
|---|
| 用户 | netsecfish (UID 64568) |
|---|
| 提交 | 2024-04-29 14時02分 (2 年前) |
|---|
| 管理 | 2024-05-07 06時57分 (8 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 263304 [Faraday GM8181/GM828x 直到 20240429 NTP Service ntp_srv 权限提升] |
|---|
| 积分 | 16 |
|---|