A triple-exploit chain. auth bypass (1) to exposed dbus interface (2) to command injection (3) (from @da_667@infosec.exchange)

Created on 2025-01-23 08:14 and updated on 2025-01-23 08:14.

Description

A triple-exploit chain. auth bypass (1) to exposed dbus interface (2) to command injection (3): https://www.exploit-db.com/exploits/45100

Vulnerabilities included in this bundle

CVE-2018-10660: An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
CVE-2018-10662: An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
CVE-2018-10661: An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.

Meta

[
   {
      ref: [
         "https://www.exploit-db.com/exploits/45100",
         "https://infosec.exchange/@da_667/113873811076719061",
      ],
   },
]

Author

Cédric Bonhomme

Combined sightings

Author	Vulnerability	Source	Type	Date
automation	CVE-2018-10660	MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd	seen	1 month ago
automation	CVE-2018-10660	MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd	seen	1 month ago
automation	CVE-2018-10660	https://www.exploit-db.com/exploits/45100	exploited	6 years ago
automation	CVE-2018-10662	MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd	seen	1 month ago
automation	CVE-2018-10662	MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd	seen	1 month ago
automation	CVE-2018-10662	https://www.exploit-db.com/exploits/45100	exploited	6 years ago
automation	CVE-2018-10661	MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd	seen	1 month ago
automation	CVE-2018-10661	MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd	seen	1 month ago
automation	CVE-2018-10661	https://www.exploit-db.com/exploits/45100	exploited	6 years ago