An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload
An attacker with local access to the device can deliver a specially crafted payload that leads to arbitrary code execution on the device. The vulnerability is classified as CWE-94 (improper control of generation of code), which suggests the possibility of code injection and execution of malicious code. The detailed mechanism of the vulnerability has not been disclosed in the available description.
An attacker can gain full control over the device by executing arbitrary code with the privileges of the camera system, which may lead to violations of confidentiality, integrity, and availability of the device and data captured by it.
Patches available from the manufacturer should be applied according to the references. It is also recommended to restrict physical and network access to the device and monitor device activity until updates are applied.
D3D Security D8801 IP Camera with software version V9.1.17.1.4-20180428
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HD3dsecurity D8801
HWD3Dsecuritywszystkie wersjeD3dsecurity D8801 Firmware
OSD3Dsecurity9.1.17.1.4-20180428