go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


SpotCam Co., Ltd. SpotCamFHD - Command Injection

TVN ID TVN-202308005
CVE ID CVE-2023-38025
CVSS 9.8 (Critical)
Affected Products SpotCam FHD 2: 1.0036
Description SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service.
Solution update version to 1.0039 or later
Credit Lee Pu、Weber Tasi、KaiChing Wang(CHT Security)
Public Date 2023-09-19