ID

VAR-201909-1017


CVE

CVE-2019-14457


TITLE

VIVOTEK IP Camera Classic buffer overflow vulnerability in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-009359

DESCRIPTION

VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header. The VIVOTEK IP Camera device firmware contains a classic buffer overflow vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). This vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow, heap overflow, etc.

Trust: 1.71

sources: NVD: CVE-2019-14457 // JVNDB: JVNDB-2019-009359 // VULHUB: VHN-146405

IOT TAXONOMY

category: ['camera device'], sub_category: camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: vivotek, model: camera, scope: eq, version: -

Trust: 1.0

vendor: vivotek, model: camera, scope: lt, version: 0x20x

Trust: 0.8

sources: JVNDB: JVNDB-2019-009359 // NVD: CVE-2019-14457

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14457
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-14457
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201909-456
value: CRITICAL

Trust: 0.6

VULHUB: VHN-146405
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-14457
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-146405
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14457
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-14457
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-146405 // JVNDB: JVNDB-2019-009359 // CNNVD: CNNVD-201909-456 // NVD: CVE-2019-14457

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-120

Trust: 0.9

sources: VULHUB: VHN-146405 // JVNDB: JVNDB-2019-009359 // NVD: CVE-2019-14457

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-456

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201909-456

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009359

PATCH

title: VVTK-SA-2019-002, url: http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-002-v1.pdf

Trust: 0.8

title: VIVOTEK IP Camera Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98049

Trust: 0.6

sources: JVNDB: JVNDB-2019-009359 // CNNVD: CNNVD-201909-456

EXTERNAL IDS

db: NVD, id: CVE-2019-14457

Trust: 2.6

db: JVNDB, id: JVNDB-2019-009359

Trust: 0.8

db: CNNVD, id: CNNVD-201909-456

Trust: 0.7

db: OTHER, id: NONE

Trust: 0.1

db: VULHUB, id: VHN-146405

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-146405 // JVNDB: JVNDB-2019-009359 // CNNVD: CNNVD-201909-456 // NVD: CVE-2019-14457

REFERENCES

url: http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2019-002-v1.pdf

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-14457

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14457

Trust: 0.8

url: https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-146405 // JVNDB: JVNDB-2019-009359 // CNNVD: CNNVD-201909-456 // NVD: CVE-2019-14457

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-146405
db: JVNDB, id: JVNDB-2019-009359
db: CNNVD, id: CNNVD-201909-456
db: NVD, id: CVE-2019-14457

LAST UPDATE DATE

2025-01-30T21:46:50.793000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-146405, date: 2019-09-16T00:00:00
db: JVNDB, id: JVNDB-2019-009359, date: 2019-09-18T00:00:00
db: CNNVD, id: CNNVD-201909-456, date: 2021-07-26T00:00:00
db: NVD, id: CVE-2019-14457, date: 2024-11-21T04:26:46.890

SOURCES RELEASE DATE

db: VULHUB, id: VHN-146405, date: 2019-09-10T00:00:00
db: JVNDB, id: JVNDB-2019-009359, date: 2019-09-18T00:00:00
db: CNNVD, id: CNNVD-201909-456, date: 2019-09-10T00:00:00
db: NVD, id: CVE-2019-14457, date: 2019-09-10T18:15:12.900