Arbitrary OS Command Execution via Serial Connection in SmaCam CS-QR10 and CS-QR20
CVE-2022-38399 · MEDIUM Severity
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connection
Learn more about our Web Application Penetration Testing UK.