Command Execution Vulnerability in Schneider Electric's Pelco Sarix Professional Firmware

Command Execution Vulnerability in Schneider Electric's Pelco Sarix Professional Firmware

CVE-2018-7233 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'.

Learn more about our Web Application Penetration Testing UK.