|    |    |    | Today: 21-Nov-2019 |

Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution

November 1, 2017 | Posted in ExploitAlert

Pelco IP cameras suffer from a code execution vulnerability. The affected cameras suffer from authenticated remote code execution vulnerability. The POST parameter 'enable_leds' located in the update() function called via the GeneralSetupController.php script is not properly sanitised before being used in writeLedConfig() function to enable led state to on or off. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges using a specially crafted request and escape sequence to system shell.


Source: Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution

Taged in: Exploit