Sign-up

ID

VAR-201904-0921


CVE

CVE-2019-11417


TITLE

TRENDnet TV-IP110WN Buffer error vulnerability in camera

Trust: 0.8

sources: JVNDB: JVNDB-2019-003817

DESCRIPTION

system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build 28, 64, 65, and 68. TRENDnet TV-IP110WN The camera contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TRENDnetTV-IP110WN is a wireless webcam from TRENDnet. A buffer overflow vulnerability exists in the system.cgi file in TRENDnetTV-IP110WN. This vulnerability is caused by a network system or product performing an operation on memory that does not properly validate data boundaries, causing incorrect read and write to other associated memory locations. operating. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. write operation

Trust: 2.34

sources: NVD: CVE-2019-11417 // JVNDB: JVNDB-2019-003817 // CNVD: CNVD-2019-16064 // VULHUB: VHN-143061 // VULMON: CVE-2019-11417

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-16064

AFFECTED PRODUCTS

vendor:trendnetmodel:tv-ip110wnscope:eqversion:1.2.2.28

Trust: 1.0

vendor:trendnetmodel:tv-ip110wnscope:eqversion:1.2.2.64

Trust: 1.0

vendor:trendnetmodel:tv-ip110wnscope:eqversion:1.2.2.65

Trust: 1.0

vendor:trendnetmodel:tv-ip110wnscope:eqversion:1.2.2.68

Trust: 1.0

vendor:trendnetmodel:tv-ip110wnscope:eqversion:1.2.2 build 28

Trust: 0.8

vendor:trendnetmodel:tv-ip110wnscope:eqversion:1.2.2 build 64

Trust: 0.8

vendor:trendnetmodel:tv-ip110wnscope:eqversion:1.2.2 build 65

Trust: 0.8

vendor:trendnetmodel:tv-ip110wnscope:eqversion:1.2.2 build 68

Trust: 0.8

vendor:trendnetmodel:tv-ip110wn buildscope:eqversion:1.2.228

Trust: 0.6

vendor:trendnetmodel:tv-ip110wnscope:eqversion:64

Trust: 0.6

vendor:trendnetmodel:tv-ip110wnscope:eqversion:65

Trust: 0.6

vendor:trendnetmodel:tv-ip110wnscope:eqversion:68

Trust: 0.6

sources: CNVD: CNVD-2019-16064 // JVNDB: JVNDB-2019-003817 // NVD: CVE-2019-11417

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11417
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-11417
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-16064
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201904-1017
value: CRITICAL

Trust: 0.6

VULHUB: VHN-143061
value: HIGH

Trust: 0.1

VULMON: CVE-2019-11417
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-11417
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-16064
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-143061
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11417
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-16064 // VULHUB: VHN-143061 // VULMON: CVE-2019-11417 // JVNDB: JVNDB-2019-003817 // CNNVD: CNNVD-201904-1017 // NVD: CVE-2019-11417

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-143061 // JVNDB: JVNDB-2019-003817 // NVD: CVE-2019-11417

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1017

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201904-1017

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003817

PATCH
title:Top Pageurl:https://www.trendnet.com/home
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-003817

EXTERNAL IDS
db:NVDid:CVE-2019-11417
Trust: 3.2
db:JVNDBid:JVNDB-2019-003817
Trust: 0.8
db:CNNVDid:CNNVD-201904-1017
Trust: 0.7
db:CNVDid:CNVD-2019-16064
Trust: 0.6
db:VULHUBid:VHN-143061
Trust: 0.1
db:VULMONid:CVE-2019-11417
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-16064 // 
            
            
            
            VULHUB: VHN-143061 // 
            
            
            
            VULMON: CVE-2019-11417 // 
            
            
            
            JVNDB: JVNDB-2019-003817 // 
            
            
            
            CNNVD: CNNVD-201904-1017 // 
            
            
            
            NVD: CVE-2019-11417

REFERENCES
url:https://github.com/zyw-200/iotfuzzer/blob/master/trendnet_response.png
Trust: 2.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11417
Trust: 1.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-11417
Trust: 1.4
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/787.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-16064 // 
            
            
            
            VULHUB: VHN-143061 // 
            
            
            
            VULMON: CVE-2019-11417 // 
            
            
            
            JVNDB: JVNDB-2019-003817 // 
            
            
            
            CNNVD: CNNVD-201904-1017 // 
            
            
            
            NVD: CVE-2019-11417

SOURCES
db:CNVDid:CNVD-2019-16064
db:VULHUBid:VHN-143061
db:VULMONid:CVE-2019-11417
db:JVNDBid:JVNDB-2019-003817
db:CNNVDid:CNNVD-201904-1017
db:NVDid:CVE-2019-11417

LAST UPDATE DATE
2024-11-23T22:17:04.977000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-16064date:2019-05-30T00:00:00
db:VULHUBid:VHN-143061date:2019-04-23T00:00:00
db:VULMONid:CVE-2019-11417date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2019-003817date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201904-1017date:2019-04-24T00:00:00
db:NVDid:CVE-2019-11417date:2024-11-21T04:21:04.480

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-16064date:2019-05-30T00:00:00
db:VULHUBid:VHN-143061date:2019-04-22T00:00:00
db:VULMONid:CVE-2019-11417date:2019-04-22T00:00:00
db:JVNDBid:JVNDB-2019-003817date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201904-1017date:2019-04-22T00:00:00
db:NVDid:CVE-2019-11417date:2019-04-22T11:29:05.517