CVE-2025-8613
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-02

Last updated on: 2025-09-04

Assigner: Zero Day Initiative

Description
Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the webs.cgi endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-25892.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-02
Last Modified
2025-09-04
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-14
NVD
CVE-2025-8613
EUVD
EUVD-2025-26441
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
vacron camera 3.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-8613 is a remote code execution vulnerability in Vacron Camera devices, specifically in the webs.cgi endpoint. It occurs because the device does not properly validate a user-supplied string before using it in a system call. This flaw allows an authenticated remote attacker to execute arbitrary code with root privileges on the affected device. [1]

Impact Analysis

This vulnerability can allow an authenticated attacker to execute arbitrary code with root privileges on the affected Vacron Camera device. This means the attacker can take full control of the device, potentially compromising confidentiality, integrity, and availability of the system and any data it handles. [1]

Mitigation Strategies

The primary mitigation is to restrict interaction with the affected Vacron Camera devices, specifically limiting access to the vulnerable webs.cgi endpoint to prevent exploitation. Since authentication is required for exploitation, ensure strong authentication controls are in place and consider isolating or segmenting the affected devices from untrusted networks. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8613. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart