cvedb.io
CVE-2017-17105
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2017-12-19T02:29:41.550 · Last modified 2026-06-17T01:10:21.313

Summary

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request.

Affected products

zivif — pr115-204-p-rs_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when zivif ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.