Arbitrary Command Execution Vulnerability in AXIS Network Cameras' devtools.sh Script

Arbitrary Command Execution Vulnerability in AXIS Network Cameras' devtools.sh Script

CVE-2015-8257 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.

Learn more about our Network Penetration Testing.