Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and upload malicious files to the affected device.
The following versions of H.VIEW HV-500S6 IP Camera are affected:
H.VIEW HV-500S6 IP Camera IPCAM_V4.06.88.251229
Vendor
Equipment
H.VIEW
H.VIEW HV-500S6 IP Camera
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Unrestricted Upload of File with Dangerous Type
Critical Infrastructure Sectors: Commercial Facilities
Countries/Areas Deployed: Worldwide
Company Headquarters Location: China
A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution ...
Read the full advisory on CISA →