Description
Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other effect on its performance.
References
- Exploit, Third Party Advisory
- https://www.vdalabs.com/2018/11/29/professional-iot-hacking-series-hunting-remote-memory-corruption/ (Exploit, Third Party Advisory)
Vulnerable configurations
Configuration 1
Together
cpe:2.3:o:vivotek:fd8136_firmware:0301a:*:*:*:*:*:*:*
cpe:2.3:h:vivotek:fd8136:-:*:*:*:*:*:*:*
EPSS
Percentile: 89%
0.04783 (Low)
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-787
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi.