ID

VAR-201712-1125


TITLE

Vivotek Series Webcam Remote Stack Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-00347

DESCRIPTION

The Vivotek series of web cameras are all network camera products of China VIVOTEK. Vivotek series webcams have a remote stack overflow vulnerability. The vulnerability is due to improper use of the strncpy() function. When an attacker sends an HTTP request in which the Content-Length header field exceeds the length limit, a buffer overflow results.

Trust: 0.6

sources: CNVD: CNVD-2018-00347

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-00347

AFFECTED PRODUCTS

vendor: vivotek model: fd8369a scope: - version: -

Trust: 1.2

vendor: vivotek model: cc8160 scope: - version: -

Trust: 0.6

vendor: vivotek model: fd8379 scope: - version: -

Trust: 0.6

vendor: vivotek model: fd8377 scope: - version: -

Trust: 0.6

vendor: vivotek model: fd836d scope: - version: -

Trust: 0.6

vendor: vivotek model: fd836ba scope: - version: -

Trust: 0.6

vendor: vivotek model: fd836b scope: - version: -

Trust: 0.6

vendor: vivotek model: fd8367a scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-00347

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-00347
value: HIGH

Trust: 0.6

CNVD: CNVD-2018-00347
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2018-00347

PATCH

title: Vivotek Series Webcam Remote Stack Overflow Vulnerability Patch
url: https://www.cnvd.org.cn/patchinfo/show/112619

Trust: 0.6

sources: CNVD: CNVD-2018-00347

EXTERNAL IDS

db: CNVD id: CNVD-2018-00347

Trust: 0.6

sources: CNVD: CNVD-2018-00347

REFERENCES

url:http://download.vivotek.com/downloadfile/support/cyber-security/vivotek-cyber-securi

Trust: 0.6

url:http://seclists.org/fulldisclosure/2017/nov/31

Trust: 0.6

sources: CNVD: CNVD-2018-00347

SOURCES

db: CNVD id: CNVD-2018-00347

LAST UPDATE DATE

2022-05-04T10:19:19.207000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2018-00347 date: 2018-01-05T00:00:00

SOURCES RELEASE DATE

db: CNVD id: CNVD-2018-00347 date: 2017-12-11T00:00:00