CVE-2017-17105

Name: CVE-2017-17105
Creator: NVD / NIST
Published: 2017-12-19T02:29:41.55+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 84.56%

Last modified Jun 17, 2026

CVE-2017-17105 is a vulnerability of currently unknown severity. Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request.. EPSS estimates a 84.56% chance of exploitation in the next 30 days.

Description

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request.

Metrics

EPSS Probability

84.56%

99.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions
Zivif	Pr115-204-P-Rs Firmware	2.3.4.2103
Zivif	Pr115-204-P-Rs Firmware	4.7.4.2121

References

http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.htmlExploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/158120/Zivif-Camera-2.3.4.2103-iptest.cgi-Blind-Remote-Command-Execution.html
http://seclists.org/fulldisclosure/2017/Dec/42Exploit, Mailing List, Third Party Advisory
https://twitter.com/silascutler/status/938052460328968192Third Party Advisory
http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.htmlExploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/158120/Zivif-Camera-2.3.4.2103-iptest.cgi-Blind-Remote-Command-Execution.html
http://seclists.org/fulldisclosure/2017/Dec/42Exploit, Mailing List, Third Party Advisory
https://twitter.com/silascutler/status/938052460328968192Third Party Advisory

Timeline

Published: Dec 19, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-17105?

How severe is CVE-2017-17105?

Severity scoring for CVE-2017-17105 is pending analysis. The EPSS model estimates a 84.56% probability of exploitation in the next 30 days.

How do I fix CVE-2017-17105?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-17105?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST