CVE-2018-17879

Name: CVE-2018-17879
Creator: NVD / NIST
Published: 2023-10-26T22:15:08.517+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 21.85%

Last modified Jun 17, 2026

CVE-2018-17879 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. EPSS estimates a 21.85% chance of exploitation in the next 30 days.

Description

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

21.85%

97.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions
Abus	Tvip 10000 Firmware	All versions
Abus	Tvip 10001 Firmware	All versions
Abus	Tvip 10005 Firmware	All versions
Abus	Tvip 10005a Firmware	All versions
Abus	Tvip 10005b Firmware	All versions
Abus	Tvip 10050 Firmware	All versions
Abus	Tvip 10051 Firmware	All versions
Abus	Tvip 10055a Firmware	All versions
Abus	Tvip 10055b Firmware	All versions
Abus	Tvip 10500 Firmware	All versions
Abus	Tvip 10550 Firmware	All versions
Abus	Tvip 11000 Firmware	All versions
Abus	Tvip 11050 Firmware	All versions
Abus	Tvip 11500 Firmware	All versions
Abus	Tvip 11501 Firmware	All versions
Abus	Tvip 11502 Firmware	All versions
Abus	Tvip 11550 Firmware	All versions
Abus	Tvip 11551 Firmware	All versions
Abus	Tvip 11552 Firmware	All versions
Abus	Tvip 20000 Firmware	All versions
Abus	Tvip 20050 Firmware	All versions
Abus	Tvip 20500 Firmware	All versions
Abus	Tvip 20550 Firmware	All versions
Abus	Tvip 21000 Firmware	All versions
Abus	Tvip 21050 Firmware	All versions
Abus	Tvip 21500 Firmware	All versions
Abus	Tvip 21501 Firmware	All versions
Abus	Tvip 21502 Firmware	All versions
Abus	Tvip 21550 Firmware	All versions
Abus	Tvip 21551 Firmware	All versions
Abus	Tvip 21552 Firmware	All versions
Abus	Tvip 22500 Firmware	All versions
Abus	Tvip 31000 Firmware	All versions
Abus	Tvip 31001 Firmware	All versions
Abus	Tvip 31050 Firmware	All versions
Abus	Tvip 31500 Firmware	All versions
Abus	Tvip 31501 Firmware	All versions
Abus	Tvip 31550 Firmware	All versions
Abus	Tvip 31551 Firmware	All versions
Abus	Tvip 32500 Firmware	All versions
Abus	Tvip 51500 Firmware	All versions
Abus	Tvip 51550 Firmware	All versions
Abus	Tvip 71500 Firmware	All versions
Abus	Tvip 71501 Firmware	All versions
Abus	Tvip 71550 Firmware	All versions
Abus	Tvip 71551 Firmware	All versions
Abus	Tvip 72500 Firmware	All versions

References

https://sec.maride.cc/posts/abus/#cve-2018-17879Exploit, Third Party Advisory
https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichenThird Party Advisory
https://sec.maride.cc/posts/abus/#cve-2018-17879Exploit, Third Party Advisory
https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichenThird Party Advisory

Timeline

Published: Oct 26, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-17879?

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.

How severe is CVE-2018-17879?

CVE-2018-17879 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 21.85% probability of exploitation in the next 30 days.

How do I fix CVE-2018-17879?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-17879?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST