Dgm3103Sct
Monthly
Privileged OS command injection in the AVTECH Security Corporation DGM3103SCT surveillance device lets an authenticated user of the web management console inject operating-system commands that run with root privilege (CWE-78). Disclosed via JPCERT/CC coordination (JVN28979424), it carries CVSS 4.0 base 8.6 with no public exploit identified at time of analysis. Because the CVSS vector requires high privileges (PR:H), exploitation presumes a logged-in administrative web user, but successful abuse yields full root-level device takeover.
Privileged OS command injection in the AVTECH Security Corporation DGM3103SCT surveillance device lets an authenticated user of the web management console inject operating-system commands that run with root privilege (CWE-78). Disclosed via JPCERT/CC coordination (JVN28979424), it carries CVSS 4.0 base 8.6 with no public exploit identified at time of analysis. Because the CVSS vector requires high privileges (PR:H), exploitation presumes a logged-in administrative web user, but successful abuse yields full root-level device takeover.