CVE-2019-8387

9.8 CRITICAL

📋 TL;DR

CVE-2019-8387 allows remote attackers to execute arbitrary commands on MASTER IPCAMERA01 devices via the thttpd component. This affects MASTER IPCAMERA01 version 3.3.4.2103, enabling complete device compromise. Anyone using these vulnerable IP cameras is at risk.

💻 Affected Systems

Products:
  • MASTER IPCAMERA01
Versions: 3.3.4.2103
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the thttpd web server component. All devices running this firmware version are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device takeover, camera feed interception, lateral movement to internal networks, persistent backdoor installation, and use in botnets.

🟠 Likely Case

Camera feed hijacking, device bricking, credential theft, and surveillance system disruption.

🟢 If Mitigated

Limited impact if isolated in a separate VLAN with strict firewall rules and no internet exposure.

🌐 Internet-Facing: HIGH - Direct internet exposure allows remote attackers to exploit without authentication.
🏢 Internal Only: MEDIUM - Requires internal network access but exploitation is still unauthenticated.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploits exist. Exploitation requires network access to the camera's web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Consider replacing affected devices with supported models.

🔧 Temporary Workarounds

Network Segmentation

Isolate cameras in a separate VLAN with strict firewall rules blocking all inbound traffic.

Disable Remote Access

Turn off UPnP, disable port forwarding, and ensure cameras are not internet-facing.

🧯 If You Can't Patch

  • Segment cameras in an isolated network with no internet access
  • Implement strict firewall rules blocking all unnecessary ports (especially 80/443)

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version via the web interface. If the version is 3.3.4.2103, the device is vulnerable.

Check Version:

Access camera web interface and check firmware version in settings.

Verify Fix Applied:

No fix available. Verify workarounds by testing network isolation and firewall rules.
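
One way to test the isolation workaround, as an added example that is not part of the original advisory: run it from a host outside the camera VLAN and confirm that no camera answers on its web ports. The function names `probe` and `audit` are hypothetical, and the inventory addresses are constructed placeholders from the 192.0.2.0/24 documentation range.

```python
import socket

# Web-interface ports named in the mitigation list above.
WEB_PORTS = (80, 443)

def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: the web interface is reachable
    except ConnectionRefusedError:
        return "closed"      # RST received: nothing listening, or a rejecting firewall
    except OSError:
        return "filtered"    # timeout or unreachable: traffic is being dropped
    finally:
        sock.close()

def audit(cameras, ports=WEB_PORTS, timeout=2.0):
    """Return (host, port) pairs that are still reachable, i.e. isolation failures."""
    return [(h, p) for h in cameras for p in ports
            if probe(h, p, timeout) == "open"]

if __name__ == "__main__":
    # Constructed sample inventory (documentation address range, RFC 5737).
    cameras = ["192.0.2.10", "192.0.2.11"]
    failures = audit(cameras)
    for host, port in failures:
        print(f"FAIL {host}:{port} reachable from this segment")
    if not failures:
        print("OK: no camera web interface reachable from this segment")
    raise SystemExit(1 if failures else 0)
```

A "closed" result still means a reset came back from the device or a rejecting firewall, so only "filtered" on every port shows that traffic is being dropped before it reaches the camera.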

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in thttpd logs
  • Multiple failed login attempts
  • Unexpected process creation

Network Indicators:

  • Unusual outbound connections from camera
  • Exploit payload patterns in HTTP requests
  • Port scanning from camera IP

SIEM Query:

source="camera_logs" AND "thttpd" AND ("exec" OR "system")
