Details of VAR-201910-1353

ID

VAR-201910-1353

CVE

CVE-2016-2356

TITLE

Milesight IP security cameras Vulnerable to classic buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2016-009568

DESCRIPTION

Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. Milesight IP security cameras Contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Milesight IP security cameras is an IP camera product of China Milesight Digital Technology (Milesight). The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow

Trust: 2.16

sources: NVD: CVE-2016-2356 // JVNDB: JVNDB-2016-009568 // CNVD: CNVD-2019-40062

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-40062

AFFECTED PRODUCTS

vendor:	milesight	model:	ip security camera	scope:	lte	version:	2016-11-14	Trust: 1.0
vendor:	milesight	model:	ip security camera	scope:	lte	version:	2016/11/14	Trust: 0.8
vendor:	milesight	model:	ip security cameras	scope:	lt	version:	2016-11-14	Trust: 0.6
vendor:	milesight	model:	ip security camera	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-40062 // JVNDB: JVNDB-2016-009568 // CNNVD: CNNVD-201910-1492 // NVD: CVE-2016-2356

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-2356
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-2356
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-40062
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201910-1492
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2016-2356
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-40062
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2016-2356
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2016-2356
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-40062 // JVNDB: JVNDB-2016-009568 // CNNVD: CNNVD-201910-1492 // NVD: CVE-2016-2356

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2016-009568 // NVD: CVE-2016-2356

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1492

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1492

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-009568

PATCH

title:	Top Page	url:	https://www.milesight.com/	Trust: 0.8
title:	Patch for Milesight IP security cameras buffer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/189469	Trust: 0.6
title:	Milesight IP security cameras Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100873	Trust: 0.6

sources: CNVD: CNVD-2019-40062 // JVNDB: JVNDB-2016-009568 // CNNVD: CNNVD-201910-1492

EXTERNAL IDS

db:	NVD	id:	CVE-2016-2356	Trust: 3.0
db:	JVNDB	id:	JVNDB-2016-009568	Trust: 0.8
db:	CNVD	id:	CNVD-2019-40062	Trust: 0.6
db:	CNNVD	id:	CNNVD-201910-1492	Trust: 0.6

sources: CNVD: CNVD-2019-40062 // JVNDB: JVNDB-2016-009568 // CNNVD: CNNVD-201910-1492 // NVD: CVE-2016-2356

REFERENCES

url:	http://kirils.org/slides/2016-10-06_milesight_initial.pdf	Trust: 2.4
url:	https://www.youtube.com/watch?v=scckki7caw0	Trust: 2.2
url:	https://possiblesecurity.com/news/vulnerabilities-of-milesight-ip-security-cameras/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2356	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2356	Trust: 0.8

sources: CNVD: CNVD-2019-40062 // JVNDB: JVNDB-2016-009568 // CNNVD: CNNVD-201910-1492 // NVD: CVE-2016-2356

SOURCES

db:	CNVD	id:	CNVD-2019-40062
db:	JVNDB	id:	JVNDB-2016-009568
db:	CNNVD	id:	CNNVD-201910-1492
db:	NVD	id:	CVE-2016-2356

LAST UPDATE DATE

2024-11-23T21:36:34.496000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-40062	date:	2019-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2016-009568	date:	2019-11-01T00:00:00
db:	CNNVD	id:	CNNVD-201910-1492	date:	2019-11-07T00:00:00
db:	NVD	id:	CVE-2016-2356	date:	2024-11-21T02:48:17.263

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-40062	date:	2019-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2016-009568	date:	2019-11-01T00:00:00
db:	CNNVD	id:	CNNVD-201910-1492	date:	2019-10-25T00:00:00
db:	NVD	id:	CVE-2016-2356	date:	2019-10-25T15:15:11.513