ID

VAR-201906-0708


CVE

CVE-2017-10720


TITLE

Shekar Endoscope Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014514

DESCRIPTION

Research on IoT devices found that, with the most recent firmware for Shekar Endoscope, the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access to. The application uses a dynamic link library (DLL) called "avilib.dll" to send binary packets that control the device. One such action that the DLL provides is change password, in the function "sendchangename", which allows a user to change the Wi-Fi name on the device. This function calls a sub-function "sub_75876EA0" at address 0x758784F8. That sub-function determines which action to execute based on the parameters sent to it. "sendchangename" passes integer 1 as the first argument and the data string, which is the name we enter in the textbox, as the second argument. The remaining 3 arguments are set to 0. At address 0x75876F19, "sub_75876EA0" uses the first argument received to determine which block to jump to. Since the argument passed is 1, it jumps to 0x75876F20 and proceeds from there to address 0x75876F56, which calculates the length of the data string passed as the first parameter. This length and the first argument are then passed to the address 0x75877001, which calls the memmove function with a stack address as the destination, the password typed by us as the source, and the length calculated above as the number of bytes to copy, which leads to a stack overflow. Shekar Endoscope contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).
SHEKAR Technology Endoscope is a portable endoscope device from SHEKAR Technology, China. A buffer overflow vulnerability exists in SHEKAR Technology Endoscope. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.34

sources: NVD: CVE-2017-10720 // JVNDB: JVNDB-2017-014514 // CNVD: CNVD-2019-18876 // VULHUB: VHN-101071 // VULMON: CVE-2017-10720
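
The copy pattern in the description, as an added example (not code from avilib.dll or from the advisory): a length taken from the input string drives a copy into a fixed-size destination, shown beside a bounded version that rejects oversize names. The 26-character limit comes from the description; the struct layout, function names and return codes are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Limit taken from the description; the real buffer size is not stated. */
#define WIFI_NAME_MAX 26

/* Hypothetical request record; the real packet format is not on the page. */
struct name_request {
    int  action;                    /* 1 = change name, per the description */
    char name[WIFI_NAME_MAX + 1];   /* fixed-size destination plus NUL */
};

/* Flawed pattern: the copy length comes from the source string and is
 * never compared with the destination size. In the DLL the destination
 * is a stack buffer; here it is the caller's struct. */
int set_name_unchecked(struct name_request *req, const char *input)
{
    size_t len = strlen(input);           /* input-controlled length */
    req->action = 1;
    memmove(req->name, input, len + 1);   /* overruns once len > WIFI_NAME_MAX */
    return 0;
}

/* Bounded form: measure with an upper bound, reject oversize input,
 * copy exactly the validated length. Returns 0 on success, -1 on reject. */
int set_name_checked(struct name_request *req, const char *input)
{
    const char *end;
    size_t len;

    if (req == NULL || input == NULL)
        return -1;
    /* Look for the terminator within the allowed window only. */
    end = memchr(input, '\0', WIFI_NAME_MAX + 1);
    if (end == NULL)
        return -1;                        /* longer than the limit: reject */
    len = (size_t)(end - input);
    if (len == 0)
        return -1;                        /* empty name is not accepted */
    memset(req, 0, sizeof *req);          /* guarantees NUL termination */
    req->action = 1;
    memcpy(req->name, input, len);
    return 0;
}
```

Rejecting rather than truncating keeps the name the user sees and the name sent to the device identical.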

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

category: ['camera device', 'other device'], sub_category: camera

Trust: 0.1

category: ['camera device', 'other device'], sub_category: general

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-18876

AFFECTED PRODUCTS

vendor: ishekar, model: endoscope camera, scope: eq, version: *

Trust: 1.0

vendor: shekar, model: endoscope, scope: -, version: -

Trust: 0.8

vendor: shekar, model: technology endoscope, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-18876 // JVNDB: JVNDB-2017-014514 // NVD: CVE-2017-10720

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10720
value: HIGH

Trust: 1.0

NVD: CVE-2017-10720
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-18876
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-669
value: HIGH

Trust: 0.6

VULHUB: VHN-101071
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-10720
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10720
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-18876
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-101071
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10720
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-18876 // VULHUB: VHN-101071 // VULMON: CVE-2017-10720 // JVNDB: JVNDB-2017-014514 // CNNVD: CNNVD-201906-669 // NVD: CVE-2017-10720

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-101071 // JVNDB: JVNDB-2017-014514 // NVD: CVE-2017-10720

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201906-669

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-669

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014514

PATCH

title: endoscope, url: http://ishekar.com/en/Products/endoscope/

Trust: 0.8

title: IoT_vulnerabilities, url: https://github.com/ethanhunnt/IoT_vulnerabilities

Trust: 0.1

sources: VULMON: CVE-2017-10720 // JVNDB: JVNDB-2017-014514

EXTERNAL IDS

db: NVD, id: CVE-2017-10720

Trust: 3.4

db: PACKETSTORM, id: 153241

Trust: 1.9

db: JVNDB, id: JVNDB-2017-014514

Trust: 0.8

db: CNNVD, id: CNNVD-201906-669

Trust: 0.7

db: CNVD, id: CNVD-2019-18876

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: VULHUB, id: VHN-101071

Trust: 0.1

db: VULMON, id: CVE-2017-10720

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-18876 // VULHUB: VHN-101071 // VULMON: CVE-2017-10720 // JVNDB: JVNDB-2017-014514 // PACKETSTORM: 153241 // CNNVD: CNNVD-201906-669 // NVD: CVE-2017-10720

REFERENCES

url:https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/shekar_boriscope_sec_issues.pdf

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2017-10720

Trust: 2.1

url:https://seclists.org/bugtraq/2019/jun/8

Trust: 1.8

url:http://packetstormsecurity.com/files/153241/shekar-endoscope-weak-default-settings-memory-corruption.html

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10720

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/ethanhunnt/iot_vulnerabilities

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10722

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10721

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10723

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10724

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-18876 // VULHUB: VHN-101071 // VULMON: CVE-2017-10720 // JVNDB: JVNDB-2017-014514 // PACKETSTORM: 153241 // CNNVD: CNNVD-201906-669 // NVD: CVE-2017-10720

CREDITS

Mandar Satam

Trust: 0.1

sources: PACKETSTORM: 153241

SOURCES

db: OTHER, id: -
db: CNVD, id: CNVD-2019-18876
db: VULHUB, id: VHN-101071
db: VULMON, id: CVE-2017-10720
db: JVNDB, id: JVNDB-2017-014514
db: PACKETSTORM, id: 153241
db: CNNVD, id: CNNVD-201906-669
db: NVD, id: CVE-2017-10720

LAST UPDATE DATE

2025-01-30T21:56:38.847000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-18876, date: 2019-06-24T00:00:00
db: VULHUB, id: VHN-101071, date: 2019-06-20T00:00:00
db: VULMON, id: CVE-2017-10720, date: 2019-06-20T00:00:00
db: JVNDB, id: JVNDB-2017-014514, date: 2019-06-24T00:00:00
db: CNNVD, id: CNNVD-201906-669, date: 2019-06-21T00:00:00
db: NVD, id: CVE-2017-10720, date: 2024-11-21T03:06:20.083

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-18876, date: 2019-06-20T00:00:00
db: VULHUB, id: VHN-101071, date: 2019-06-17T00:00:00
db: VULMON, id: CVE-2017-10720, date: 2019-06-17T00:00:00
db: JVNDB, id: JVNDB-2017-014514, date: 2019-06-24T00:00:00
db: PACKETSTORM, id: 153241, date: 2019-06-09T09:32:22
db: CNNVD, id: CNNVD-201906-669, date: 2019-06-17T00:00:00
db: NVD, id: CVE-2017-10720, date: 2019-06-17T22:15:10.030