A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation.
Credits
Fukuhara Rikuto of Smooth Inc. (CTO) and Hosei University reported this vulnerability to CISA.
