Details of VAR-201906-0710

ID

VAR-201906-0710

CVE

CVE-2017-10722

TITLE

Shekar Endoscope Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014516

DESCRIPTION

Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi password. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access too. The application uses a dynamic link library(DLL) called "avilib.dll" which is used by the application to send binary packets to the device that allow to control the device. One such action that the DLL provides is change password in the function "sendchangepass" which allows a user to change the Wi-Fi password on the device. This function calls a sub function "sub_75876EA0" at address 0x7587857C. The function determines which action to execute based on the parameters sent to it. The "sendchangepass" passes the datastring as the second argument which is the password we enter in the textbox and integer 2 as first argument. The rest of the 3 arguments are set to 0. The function "sub_75876EA0" at address 0x75876F19 uses the first argument received and to determine which block to jump to. Since the argument passed is 2, it jumps to 0x7587718C and proceeds from there to address 0x758771C2 which calculates the length of the data string passed as the first parameter.This length and the first argument are then passed to the address 0x7587726F which calls a memmove function which uses a stack address as the destination where the password typed by us is passed as the source and length calculated above is passed as the number of bytes to copy which leads to a stack overflow. Shekar Endoscope Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SHEKAR Technology Endoscope is a portable endoscope device from China SHEKAR Technology Company. A buffer error vulnerability exists in SHEKAR Technology Endoscope. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.8

sources: NVD: CVE-2017-10722 // JVNDB: JVNDB-2017-014516 // VULHUB: VHN-101073 // VULMON: CVE-2017-10722

IOT TAXONOMY

category:	['camera device', 'other device']	sub_category:	camera	Trust: 0.1
category:	['camera device', 'other device']	sub_category:	general	Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	ishekar	model:	endoscope camera	scope:	eq	version:	*	Trust: 1.0
vendor:	shekar	model:	endoscope	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2017-014516 // NVD: CVE-2017-10722

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-10722
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-10722
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201906-671
value:	HIGH
Trust: 0.6
VULHUB:	VHN-101073
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-10722
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-10722
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-101073
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-10722
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-101073 // VULMON: CVE-2017-10722 // JVNDB: JVNDB-2017-014516 // CNNVD: CNNVD-201906-671 // NVD: CVE-2017-10722

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-101073 // JVNDB: JVNDB-2017-014516 // NVD: CVE-2017-10722

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201906-671

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-671

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014516

PATCH

title:	endoscope	url:	http://ishekar.com/en/Products/endoscope/	Trust: 0.8
title:	IoT_vulnerabilities	url:	https://github.com/ethanhunnt/IoT_vulnerabilities	Trust: 0.1

sources: VULMON: CVE-2017-10722 // JVNDB: JVNDB-2017-014516

EXTERNAL IDS

db:	NVD	id:	CVE-2017-10722	Trust: 2.8
db:	PACKETSTORM	id:	153241	Trust: 1.9
db:	JVNDB	id:	JVNDB-2017-014516	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-671	Trust: 0.7
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-101073	Trust: 0.1
db:	VULMON	id:	CVE-2017-10722	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-101073 // VULMON: CVE-2017-10722 // JVNDB: JVNDB-2017-014516 // PACKETSTORM: 153241 // CNNVD: CNNVD-201906-671 // NVD: CVE-2017-10722

REFERENCES

url:	https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/shekar_boriscope_sec_issues.pdf	Trust: 2.6
url:	https://seclists.org/bugtraq/2019/jun/8	Trust: 1.8
url:	http://packetstormsecurity.com/files/153241/shekar-endoscope-weak-default-settings-memory-corruption.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10722	Trust: 1.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10722	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/ethanhunnt/iot_vulnerabilities	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10718	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10721	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10720	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10724	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-101073 // VULMON: CVE-2017-10722 // JVNDB: JVNDB-2017-014516 // PACKETSTORM: 153241 // CNNVD: CNNVD-201906-671 // NVD: CVE-2017-10722

CREDITS

Mandar Satam

Trust: 0.1

sources: PACKETSTORM: 153241

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-101073
db:	VULMON	id:	CVE-2017-10722
db:	JVNDB	id:	JVNDB-2017-014516
db:	PACKETSTORM	id:	153241
db:	CNNVD	id:	CNNVD-201906-671
db:	NVD	id:	CVE-2017-10722

LAST UPDATE DATE

2025-01-30T22:17:30.087000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-101073	date:	2019-06-20T00:00:00
db:	VULMON	id:	CVE-2017-10722	date:	2019-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-014516	date:	2019-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201906-671	date:	2019-06-21T00:00:00
db:	NVD	id:	CVE-2017-10722	date:	2024-11-21T03:06:20.437

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-101073	date:	2019-06-17T00:00:00
db:	VULMON	id:	CVE-2017-10722	date:	2019-06-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-014516	date:	2019-06-24T00:00:00
db:	PACKETSTORM	id:	153241	date:	2019-06-09T09:32:22
db:	CNNVD	id:	CNNVD-201906-671	date:	2019-06-17T00:00:00
db:	NVD	id:	CVE-2017-10722	date:	2019-06-17T22:15:10.137