Vocran NVR Remote Command Execution

Critical Nessus Plugin ID 104124


The Vocran network video recorder is affected by a remote command execution vulnerability.


The remote Vocran network video recorder is affected by a remote command execution vulnerability due to improper sanitization of user-supplied input passed via /board.cgi. An unauthenticated remote attacker can exploit this, via a specially crafted URL, to execute arbitrary commands on the device.

This vulnerability has been used by the IoT Reaper botnet.

Note that Nessus has detected this vulnerability by reading the contents of the file /proc/cpuinfo.


At time of publication, Vacron had not yet released a patch. Users should take precautions to ensure affected devices are not exposed to the internet and that the devices are properly isolated on the local network.

See Also



Plugin Details

Severity: Critical

ID: 104124

File Name: vacron_nvr_cmd_exec.nasl

Version: $Revision: 1.2 $

Type: remote

Family: CGI abuses

Published: 2017/10/24

Modified: 2017/10/25

Dependencies: 104125

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND


Base Score: 10

Temporal Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

Required KB Items: installed_sw/Vocran NVR

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 2017/10/12

Reference Information

OSVDB: 167152