This script is Copyright (C) 2017 Tenable Network Security, Inc.
The Vocran network video recorder is affected by a remote command
The remote Vocran network video recorder is affected by a remote
command execution vulnerability due to improper sanitization of
user-supplied input passed via /board.cgi. An unauthenticated
remote attacker can exploit this, via a specially crafted URL, to
execute arbitrary commands on the device.
This vulnerability has been used by the IoT Reaper botnet.
Note that Nessus has detected this vulnerability by reading the
contents of the file /proc/cpuinfo.
See also :
At time of publication, Vacron had not yet released a patch. Users
should take precautions to ensure affected devices are not exposed
to the internet and that the devices are properly isolated on the
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 9.5
Public Exploit Available : true
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now