Sign-up

ID

VAR-201410-0978


CVE

CVE-2014-8755


TITLE

Panasonic Network Camera View WebVideoCam ActiveX Remote code execution vulnerability

Trust: 1.1

sources: IVD: c4a09e04-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-07344 // BID: 70593

DESCRIPTION

Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory.". User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the GetImageDataPrint method of the WebVideoCam ActiveX control. The issue lies in the ability to nullify an arbitrary address in memory. An attacker can leverage this vulnerability to execute code under the context of the current process. Panasonic Network Camera View is a webcam viewing app. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 3.33

sources: NVD: CVE-2014-8755 // JVNDB: JVNDB-2014-004962 // ZDI: ZDI-14-364 // CNVD: CNVD-2014-07344 // BID: 70593 // IVD: c4a09e04-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-76700

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None // IVD: c4a09e04-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-07344

AFFECTED PRODUCTS

vendor:panasonicmodel:network camera viewscope:eqversion:4.0

Trust: 1.6

vendor:panasonicmodel:network camera viewscope:eqversion:3.0

Trust: 1.6

vendor:panasonicmodel:network camera viewscope:eqversion:3

Trust: 1.4

vendor:panasonicmodel:network camera viewscope:eqversion:4

Trust: 1.4

vendor:panasonicmodel:network camera viewscope: - version: -

Trust: 0.7

vendor:network camera viewmodel: - scope:eqversion:3.0

Trust: 0.2

vendor:network camera viewmodel: - scope:eqversion:4.0

Trust: 0.2

sources: IVD: c4a09e04-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-14-364 // CNVD: CNVD-2014-07344 // JVNDB: JVNDB-2014-004962 // CNNVD: CNNVD-201410-597 // NVD: CVE-2014-8755

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8755
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8755
value: MEDIUM

Trust: 0.8

ZDI: CVE-2014-8755
value: HIGH

Trust: 0.7

CNVD: CNVD-2014-07344
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201410-597
value: MEDIUM

Trust: 0.6

IVD: c4a09e04-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-76700
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8755
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2014-8755
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2014-07344
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: c4a09e04-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-76700
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: c4a09e04-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-14-364 // CNVD: CNVD-2014-07344 // VULHUB: VHN-76700 // JVNDB: JVNDB-2014-004962 // CNNVD: CNNVD-201410-597 // NVD: CVE-2014-8755

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-76700 // JVNDB: JVNDB-2014-004962 // NVD: CVE-2014-8755

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-597

TYPE

Input validation

Trust: 0.8

sources: IVD: c4a09e04-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201410-597

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004962

PATCH
title:Update for Network Camera View 3,4url:http://security.panasonic.com/pss/security/library/howto_update_NCV.html
Trust: 1.5
title:Panasonic Network Camera View WebVideoCam ActiveX Remote Code Execution Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/51309
Trust: 0.6
title:nwcv_3_4_updateurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52078
Trust: 0.6
sources:
            
            
            ZDI: ZDI-14-364 // 
            
            
            
            CNVD: CNVD-2014-07344 // 
            
            
            
            JVNDB: JVNDB-2014-004962 // 
            
            
            
            CNNVD: CNNVD-201410-597

EXTERNAL IDS
db:NVDid:CVE-2014-8755
Trust: 4.4
db:ZDIid:ZDI-14-364
Trust: 3.8
db:BIDid:70593
Trust: 1.0
db:CNNVDid:CNNVD-201410-597
Trust: 0.9
db:CNVDid:CNVD-2014-07344
Trust: 0.8
db:JVNDBid:JVNDB-2014-004962
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-2357
Trust: 0.7
db:IVDid:C4A09E04-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-76700
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            IVD: c4a09e04-2351-11e6-abef-000c29c66e3d // 
            
            
            
            ZDI: ZDI-14-364 // 
            
            
            
            CNVD: CNVD-2014-07344 // 
            
            
            
            VULHUB: VHN-76700 // 
            
            
            
            BID: 70593 // 
            
            
            
            JVNDB: JVNDB-2014-004962 // 
            
            
            
            CNNVD: CNNVD-201410-597 // 
            
            
            
            NVD: CVE-2014-8755

REFERENCES
url:http://www.zerodayinitiative.com/advisories/zdi-14-364/
Trust: 3.1
url:http://security.panasonic.com/pss/security/library/howto_update_ncv.html
Trust: 2.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8755
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8755
Trust: 0.8
url:http://panasonic.com/
Trust: 0.3
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            ZDI: ZDI-14-364 // 
            
            
            
            CNVD: CNVD-2014-07344 // 
            
            
            
            VULHUB: VHN-76700 // 
            
            
            
            BID: 70593 // 
            
            
            
            JVNDB: JVNDB-2014-004962 // 
            
            
            
            CNNVD: CNNVD-201410-597 // 
            
            
            
            NVD: CVE-2014-8755

CREDITS
Ariele Caltabiano (kimiya)
Trust: 0.7
sources:
            
            
            ZDI: ZDI-14-364

SOURCES
db:OTHERid: - 
db:IVDid:c4a09e04-2351-11e6-abef-000c29c66e3d
db:ZDIid:ZDI-14-364
db:CNVDid:CNVD-2014-07344
db:VULHUBid:VHN-76700
db:BIDid:70593
db:JVNDBid:JVNDB-2014-004962
db:CNNVDid:CNNVD-201410-597
db:NVDid:CVE-2014-8755

LAST UPDATE DATE
2025-04-13T21:46:23.237000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-14-364date:2014-10-14T00:00:00
db:CNVDid:CNVD-2014-07344date:2014-10-24T00:00:00
db:VULHUBid:VHN-76700date:2014-12-16T00:00:00
db:BIDid:70593date:2014-10-15T00:00:00
db:JVNDBid:JVNDB-2014-004962date:2014-10-24T00:00:00
db:CNNVDid:CNNVD-201410-597date:2014-10-22T00:00:00
db:NVDid:CVE-2014-8755date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:c4a09e04-2351-11e6-abef-000c29c66e3ddate:2014-10-24T00:00:00
db:ZDIid:ZDI-14-364date:2014-10-14T00:00:00
db:CNVDid:CNVD-2014-07344date:2014-10-24T00:00:00
db:VULHUBid:VHN-76700date:2014-10-17T00:00:00
db:BIDid:70593date:2014-10-15T00:00:00
db:JVNDBid:JVNDB-2014-004962date:2014-10-24T00:00:00
db:CNNVDid:CNNVD-201410-597date:2014-10-22T00:00:00
db:NVDid:CVE-2014-8755date:2014-10-17T15:55:08.430