Sign-up

ID

VAR-202012-0387


CVE

CVE-2020-26762


TITLE

Edimax IP-Camera IC-3116W  and  IC-3140W  Out-of-bounds Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-013937

DESCRIPTION

A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted GET-Request. The overflow occurs in binary ipcam_cgi due to a missing type check in function doGetSysteminfo(). This has been fixed in version: IC-3116W v3.08. Edimax IP-Camera IC-3116W and IC-3140W Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-26762 // JVNDB: JVNDB-2020-013937

IOT TAXONOMY

category:['camera device']sub_category:IP camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:edimaxmodel:ic-3116wscope:eqversion:3.06

Trust: 1.0

vendor:edimaxmodel:ic-3140wscope:eqversion:3.07

Trust: 1.0

vendor:edimaxmodel:ic-3140wscope: - version: -

Trust: 0.8

vendor:edimaxmodel:ic-3116wscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013937 // NVD: CVE-2020-26762

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26762
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-26762
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202012-014
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-26762
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-26762
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-26762
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-013937 // CNNVD: CNNVD-202012-014 // NVD: CVE-2020-26762

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-013937 // NVD: CVE-2020-26762

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-014

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202012-014

PATCH

title:Downloadurl:https://www.edimax.com/edimax/download/download/data/edimax/de/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3116w

Trust: 0.8

title:Edimax Technology Ipcam Ic-3116w and Edimax Technology Ipcam Ic-3140w Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135894

Trust: 0.6

sources: JVNDB: JVNDB-2020-013937 // CNNVD: CNNVD-202012-014

EXTERNAL IDS

db:NVDid:CVE-2020-26762

Trust: 2.5

db:JVNDBid:JVNDB-2020-013937

Trust: 0.8

db:CNNVDid:CNNVD-202012-014

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-013937 // CNNVD: CNNVD-202012-014 // NVD: CVE-2020-26762

REFERENCES

url:https://www.edimax.com/edimax/download/download/data/edimax/de/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3116w

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-26762

Trust: 1.4

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-013937 // CNNVD: CNNVD-202012-014 // NVD: CVE-2020-26762

SOURCES

db:OTHERid: -
db:JVNDBid:JVNDB-2020-013937
db:CNNVDid:CNNVD-202012-014
db:NVDid:CVE-2020-26762

LAST UPDATE DATE

2025-01-30T19:42:40.309000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-013937date:2021-07-16T01:54:00
db:CNNVDid:CNNVD-202012-014date:2020-12-07T00:00:00
db:NVDid:CVE-2020-26762date:2024-11-21T05:20:17.163

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-013937date:2021-07-16T00:00:00
db:CNNVDid:CNNVD-202012-014date:2020-12-01T00:00:00
db:NVDid:CVE-2020-26762date:2020-12-01T15:15:12.127