CVE-2024-48214

HIGH Year: 2024
CVSS v3 Score
8.4
High
Weakness Type
CWE-77
View all →

Vulnerability Description

KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data contained within the QR code. By that, the attacker can execute arbitrary code on the camera.

Related Vulnerabilities

CVE-2020-14433

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RBS...

CWE-772020

CVE-2020-14434

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RB...

CWE-772020

CVE-2020-35777

HIGH
CVSS:8.4(High)

NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection.

CWE-772020

CVE-2021-29069

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.

CWE-772021

CVE-2021-29070

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and...

CWE-772021

CVE-2021-29072

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and...

CWE-772021