Arbitrary OS Command Execution via Serial Connection in SmaCam CS-QR10 and CS-QR20

CVE-2022-38399 · MEDIUM Severity

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connection.
