ID

VAR-201905-0909


CVE

CVE-2019-11878


TITLE

Integer overflow vulnerability in xiongmaitech besder ip20h1 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-016861

DESCRIPTION

An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. This then crashes the camera for about 120 seconds. An integer overflow vulnerability exists in the xiongmaitech besder ip20h1 firmware; it may result in service operation interruption (DoS). XiongMai Besder IP20H1 is an IP camera produced by China XiongMai Technology (XiongMai). An input validation error vulnerability exists in XiongMai Besder IP20H1 version 4.02.R12.00035520.12012.047500.00200. The vulnerability stems from the failure of the network system or product to properly validate the input data.

Trust: 1.71

sources: NVD: CVE-2019-11878 // JVNDB: JVNDB-2019-016861 // VULHUB: VHN-143568

IOT TAXONOMY

category: ['camera device'], sub_category: camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: xiongmaitech, model: besder ip20h1, scope: eq, version: 4.02.r12.00035520.12012.047500.00200

Trust: 1.0

vendor: xiongmaitech, model: besder ip20h1, scope: eq, version: -

Trust: 0.8

vendor: xiongmaitech, model: besder ip20h1, scope: eq, version: besder ip20h1 firmware 4.02.r12.00035520.12012.047500.00200

Trust: 0.8

vendor: xiongmaitech, model: besder ip20h1, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-016861 // NVD: CVE-2019-11878

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11878
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11878
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-250
value: MEDIUM

Trust: 0.6

VULHUB: VHN-143568
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-11878
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-143568
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11878
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-143568 // JVNDB: JVNDB-2019-016861 // CNNVD: CNNVD-201905-250 // NVD: CVE-2019-11878

PROBLEMTYPE DATA

problemtype: CWE-190

Trust: 1.1

problemtype: Integer overflow or wraparound (CWE-190) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-143568 // JVNDB: JVNDB-2019-016861 // NVD: CVE-2019-11878

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201905-250

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-250

EXTERNAL IDS

db: NVD, id: CVE-2019-11878

Trust: 3.4

db: JVNDB, id: JVNDB-2019-016861

Trust: 0.8

db: CNNVD, id: CNNVD-201905-250

Trust: 0.7

db: OTHER, id: NONE

Trust: 0.1

db: VULHUB, id: VHN-143568

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-143568 // JVNDB: JVNDB-2019-016861 // CNNVD: CNNVD-201905-250 // NVD: CVE-2019-11878

REFERENCES

url:http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html

Trust: 2.5

url:https://www.youtube.com/watch?v=snypjtddmfq

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-11878

Trust: 1.4

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-143568 // JVNDB: JVNDB-2019-016861 // CNNVD: CNNVD-201905-250 // NVD: CVE-2019-11878

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-143568
db: JVNDB, id: JVNDB-2019-016861
db: CNNVD, id: CNNVD-201905-250
db: NVD, id: CVE-2019-11878

LAST UPDATE DATE

2025-01-30T21:03:15.407000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-143568, date: 2019-05-13T00:00:00
db: JVNDB, id: JVNDB-2019-016861, date: 2024-07-18T10:27:00
db: CNNVD, id: CNNVD-201905-250, date: 2019-05-14T00:00:00
db: NVD, id: CVE-2019-11878, date: 2024-11-21T04:21:56.580

SOURCES RELEASE DATE

db: VULHUB, id: VHN-143568, date: 2019-05-10T00:00:00
db: JVNDB, id: JVNDB-2019-016861, date: 2024-07-18T00:00:00
db: CNNVD, id: CNNVD-201905-250, date: 2019-05-10T00:00:00
db: NVD, id: CVE-2019-11878, date: 2019-05-10T15:29:02.667