MVPower DVR Remote Command Execution

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by a remote command execution
vulnerability

Description :

The remote AOST-based network video recorder distributed by
MVPower is affected by a remote command execution vulnerability.
An unauthenticated remote attacker can use this vulnerability to
execute operating system commands as root.

This vulnerability has been used by the IoT Reaper botnet.

See also :

https://www.pentestpartners.com/security-blog/pwning-cctv-cameras/
http://www.nessus.org/u?197042fe

Solution :

There is no patch to this vulnerability

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: CGI abuses

Nessus Plugin ID: 104144 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now