CVE-2017-17761

Critical CVSS 9.8

Overview

An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the "system" XML element for specifying the command. For example, a <system>id</system> command results in a <system_ack>ok</system_ack> response.

CWE: N/A Published: 2017-12-19T21:29:00.213

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.8 (CRITICAL)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags