CVE-2014-1201

Sažetak

Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.

Reference

http://osvdb.org/101903
http://www.securityfocus.com/archive/1/530739/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/90223
https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt
https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

09-10-2018 - 19:42

Objavljeno

15-01-2014 - 16:08