What is CVE-2016-20016?

CVE-2016-20016 is a vulnerability in N/a. Published 2022-10-19.

Is CVE-2016-20016 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerabilit…

EPSS: 0.906 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cve-scores
Carlos5F5/EscanerWeb_
Live-Hack-CVE/CVE-2016-20016

References

www.pentestpartners.com/security-blog/pwning-cctv-cameras/
blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/
www.exploit-db.com/exploits/41471

Frequently asked questions

What is CVE-2016-20016?: CVE-2016-20016 is a vulnerability in N/a. Published 2022-10-19.
Is CVE-2016-20016 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.