CVE-2018-17879 is a critical-severity OS Command Injection (CWE-78) vulnerability in Abus Tvip 10000 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 1.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.
Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.