Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
