ABUS Security Camera TVIP 20000-21150 LFI / Remote Code Execution

ABUS Security Camera version TVIP 20000-21150 suffers from local file inclusion, hardcoded credential, and command injection vulnerabilities. When coupled together, they can be leveraged to achieve remote access as root via ssh.

abus access camera code code execution command command injection credential file hardcoded inclusion injection lfi local remote access remote code remote code execution root security security camera ssh version vulnerabilities