go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


SpotCam Co., Ltd. SpotCam Sense - Command Injection

TVN ID TVN-202308007
CVE ID CVE-2023-38027
CVSS 9.8 (Critical)
Affected Products SpotCam Sense: 2.2044
Description SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.
Solution update version to v2.2046 or later
Credit Lee Pu、Weber Tasi、KaiChing Wang(CHT Security)
Public Date 2023-09-19