ID

VAR-201907-1138


CVE

CVE-2018-14496


TITLE

Vivotek FD8136 Device buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015836

DESCRIPTION

Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other effect on its performance. Vivotek FD8136 devices contain a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Vivotek FD8136 is a hemispherical network camera from China's Taiwan Vivotek. A buffer overflow vulnerability exists in Vivotek FD8136 that could allow an attacker to cause a buffer overflow or heap overflow. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations.

Trust: 2.25

sources: NVD: CVE-2018-14496 // JVNDB: JVNDB-2018-015836 // CNVD: CNVD-2019-22271 // VULHUB: VHN-124661

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-22271

AFFECTED PRODUCTS

vendor: vivotek, model: fd8136, scope: eq, version: 0301a

Trust: 1.0

vendor: vivotek, model: network camera fd8136, scope: -, version: -

Trust: 0.8

vendor: vivotek, model: fd8136, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-22271 // JVNDB: JVNDB-2018-015836 // NVD: CVE-2018-14496

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14496
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-14496
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-22271
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-555
value: CRITICAL

Trust: 0.6

VULHUB: VHN-124661
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-14496
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-22271
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-124661
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14496
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-22271 // VULHUB: VHN-124661 // JVNDB: JVNDB-2018-015836 // CNNVD: CNNVD-201907-555 // NVD: CVE-2018-14496

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-124661 // JVNDB: JVNDB-2018-015836 // NVD: CVE-2018-14496

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-555

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-555

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015836

PATCH

title: FD8136, url: https://www.vivotek.com/fd8136

Trust: 0.8

sources: JVNDB: JVNDB-2018-015836

EXTERNAL IDS

db: NVD, id: CVE-2018-14496

Trust: 3.1

db: JVNDB, id: JVNDB-2018-015836

Trust: 0.8

db: CNNVD, id: CNNVD-201907-555

Trust: 0.7

db: CNVD, id: CNVD-2019-22271

Trust: 0.6

db: VULHUB, id: VHN-124661

Trust: 0.1

sources: CNVD: CNVD-2019-22271 // VULHUB: VHN-124661 // JVNDB: JVNDB-2018-015836 // CNNVD: CNNVD-201907-555 // NVD: CVE-2018-14496

REFERENCES

url:https://www.vdalabs.com/2018/07/23/professional-iot-hacking-series-target-selection-firmware-analysis/

Trust: 3.1

url:https://www.vdalabs.com/2018/11/29/professional-iot-hacking-series-hunting-remote-memory-corruption/

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-14496

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14496

Trust: 0.8

sources: CNVD: CNVD-2019-22271 // VULHUB: VHN-124661 // JVNDB: JVNDB-2018-015836 // CNNVD: CNNVD-201907-555 // NVD: CVE-2018-14496

SOURCES

db: CNVD, id: CNVD-2019-22271
db: VULHUB, id: VHN-124661
db: JVNDB, id: JVNDB-2018-015836
db: CNNVD, id: CNNVD-201907-555
db: NVD, id: CVE-2018-14496

LAST UPDATE DATE

2024-11-23T21:37:04.458000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-22271, date: 2019-07-12T00:00:00
db: VULHUB, id: VHN-124661, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2018-015836, date: 2019-07-12T00:00:00
db: CNNVD, id: CNNVD-201907-555, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2018-14496, date: 2024-11-21T03:49:11.420

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-22271, date: 2019-07-12T00:00:00
db: VULHUB, id: VHN-124661, date: 2019-07-10T00:00:00
db: JVNDB, id: JVNDB-2018-015836, date: 2019-07-12T00:00:00
db: CNNVD, id: CNNVD-201907-555, date: 2019-07-10T00:00:00
db: NVD, id: CVE-2018-14496, date: 2019-07-10T14:15:10.730