Smartwares Cameras Command Injection Vulnerability
Vulnerability
A command injection vulnerability has been identified in Smartwares cameras CIP-37210AT and C724IP, as well as other models sharing the same firmware, all through version 3.3.0. The vulnerability arises during the initialization process when users input Access Point credentials via a mobile app. This input is not properly sanitized, allowing for command injection. The vendor has not responded to reports, leaving the patching status unknown, and newer firmware versions may also be vulnerable.
Impact
Successful exploitation of this vulnerability lets an attacker execute arbitrary commands on the device.
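One way to keep app-supplied Access Point credentials out of any command line, shown as an added example (not vendor code and not part of the original advisory). It assumes the firmware configures Wi-Fi through a wpa_supplicant configuration file, which the page does not state, and all function names are hypothetical. The SSID is hex-encoded and the passphrase is checked for length and character set, because punctuation is legal in both and filtering characters alone is not a fix.

```c
#include <stdio.h>
#include <string.h>

/* Added example: assumes credentials reach wpa_supplicant through a config
 * file. Nothing here is taken from the vendor firmware. */

#define SSID_MAX 32   /* 802.11 SSID: 1..32 octets, any byte value */
#define PSK_MIN   8   /* WPA passphrase: 8..63 printable ASCII characters */
#define PSK_MAX  63

/* Returns 1 if the passphrase is 8..63 printable ASCII characters, else 0.
 * Rejecting control bytes means it can never start a new config line. */
int psk_ok(const char *psk)
{
    size_t n = strlen(psk);
    if (n < PSK_MIN || n > PSK_MAX) return 0;
    for (size_t i = 0; i < n; i++)
        if (psk[i] < 0x20 || psk[i] > 0x7e) return 0;
    return 1;
}

/* Hex-encodes the SSID so that no byte of it is ever parsed as syntax.
 * Returns 0 on success, -1 on a bad length or a buffer that is too small. */
int ssid_to_hex(const unsigned char *ssid, size_t n, char *out, size_t outsz)
{
    static const char hexd[] = "0123456789abcdef";
    if (n < 1 || n > SSID_MAX || outsz < 2 * n + 1) return -1;
    for (size_t i = 0; i < n; i++) {
        out[2 * i]     = hexd[ssid[i] >> 4];
        out[2 * i + 1] = hexd[ssid[i] & 0x0f];
    }
    out[2 * n] = '\0';
    return 0;
}

/* Writes a wpa_supplicant network block (unquoted hex ssid, quoted psk).
 * Returns the block length, or -1 if either credential is rejected. */
int network_block(const char *ssid, const char *psk, char *out, size_t outsz)
{
    char hex[2 * SSID_MAX + 1];
    if (ssid_to_hex((const unsigned char *)ssid, strlen(ssid), hex, sizeof hex) != 0)
        return -1;
    if (!psk_ok(psk)) return -1;
    int len = snprintf(out, outsz, "network={\n\tssid=%s\n\tpsk=\"%s\"\n}\n", hex, psk);
    return (len < 0 || (size_t)len >= outsz) ? -1 : len;
}
```

The generated block is meant to be written to a file and read by the Wi-Fi daemon as data, so neither value is ever interpolated into a shell command string.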
