CVE-2018-17558

Name: CVE-2018-17558
Creator: NVD / NIST
Published: 2023-10-26T22:15:08.383+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 2.51%

Last modified Jun 17, 2026

CVE-2018-17558 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.. EPSS estimates a 2.51% chance of exploitation in the next 30 days.

Description

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

2.51%

82.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Abus	Tvip 10000 Firmware	All versions
Abus	Tvip 10001 Firmware	All versions
Abus	Tvip 10005 Firmware	All versions
Abus	Tvip 10005a Firmware	All versions
Abus	Tvip 10005b Firmware	All versions
Abus	Tvip 10050 Firmware	All versions
Abus	Tvip 10051 Firmware	All versions
Abus	Tvip 10055a Firmware	All versions
Abus	Tvip 10055b Firmware	All versions
Abus	Tvip 10500 Firmware	All versions
Abus	Tvip 10550 Firmware	All versions
Abus	Tvip 11000 Firmware	All versions
Abus	Tvip 11050 Firmware	All versions
Abus	Tvip 11500 Firmware	All versions
Abus	Tvip 11501 Firmware	All versions
Abus	Tvip 11502 Firmware	All versions
Abus	Tvip 11550 Firmware	All versions
Abus	Tvip 11551 Firmware	All versions
Abus	Tvip 11552 Firmware	All versions
Abus	Tvip 20000 Firmware	All versions
Abus	Tvip 20050 Firmware	All versions
Abus	Tvip 20500 Firmware	All versions
Abus	Tvip 20550 Firmware	All versions
Abus	Tvip 21000 Firmware	All versions
Abus	Tvip 21050 Firmware	All versions
Abus	Tvip 21500 Firmware	All versions
Abus	Tvip 21501 Firmware	All versions
Abus	Tvip 21502 Firmware	All versions
Abus	Tvip 21550 Firmware	All versions
Abus	Tvip 21551 Firmware	All versions
Abus	Tvip 21552 Firmware	All versions
Abus	Tvip 22500 Firmware	All versions
Abus	Tvip 31000 Firmware	All versions
Abus	Tvip 31001 Firmware	All versions
Abus	Tvip 31050 Firmware	All versions
Abus	Tvip 31500 Firmware	All versions
Abus	Tvip 31501 Firmware	All versions
Abus	Tvip 31550 Firmware	All versions
Abus	Tvip 31551 Firmware	All versions
Abus	Tvip 32500 Firmware	All versions
Abus	Tvip 51500 Firmware	All versions
Abus	Tvip 51550 Firmware	All versions
Abus	Tvip 71500 Firmware	All versions
Abus	Tvip 71501 Firmware	All versions
Abus	Tvip 71550 Firmware	All versions
Abus	Tvip 71551 Firmware	All versions
Abus	Tvip 72500 Firmware	All versions

References

https://sec.maride.cc/posts/abus/Exploit, Third Party Advisory
https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichenThird Party Advisory
https://sec.maride.cc/posts/abus/Exploit, Third Party Advisory
https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichenThird Party Advisory

Timeline

Published: Oct 26, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-17558?

How severe is CVE-2018-17558?

CVE-2018-17558 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 2.51% probability of exploitation in the next 30 days.

How do I fix CVE-2018-17558?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-17558?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST