Details of VAR-202206-0476

ID

VAR-202206-0476

CVE

CVE-2019-25062

TITLE

Sricam IP CCTV Camera Out-of-bounds Write Vulnerability (CNVD-2022-61890)

Trust: 0.6

sources: CNVD: CNVD-2022-61890

DESCRIPTION

A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. An out-of-bounds write vulnerability exists in Sricam Device Viewer

Trust: 1.44

sources: NVD: CVE-2019-25062 // CNVD: CNVD-2022-61890

IOT TAXONOMY

category:	['IoT']	sub_category:	-	Trust: 0.6
category:	['camera device']	sub_category:	IP camera	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2022-61890

AFFECTED PRODUCTS

vendor:	sricam	model:	deviceviewer	scope:	eq	version:	3.12.0.1	Trust: 1.0
vendor:	sricam	model:	device viewer	scope:	eq	version:	3.12.0.1	Trust: 0.6

sources: CNVD: CNVD-2022-61890 // NVD: CVE-2019-25062

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-25062
value:	HIGH
Trust: 1.0
cna@vuldb.com:	CVE-2019-25062
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2022-61890
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202206-776
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-25062
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2022-61890
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-25062
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cna@vuldb.com:	CVE-2019-25062
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	3.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-61890 // CNNVD: CNNVD-202206-776 // NVD: CVE-2019-25062 // NVD: CVE-2019-25062

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0

sources: NVD: CVE-2019-25062

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202206-776

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202206-776

EXTERNAL IDS

db:	NVD	id:	CVE-2019-25062	Trust: 2.3
db:	EXPLOIT-DB	id:	47477	Trust: 1.6
db:	VULDB	id:	159431	Trust: 1.6
db:	CNVD	id:	CNVD-2022-61890	Trust: 0.6
db:	CNNVD	id:	CNNVD-202206-776	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2022-61890 // CNNVD: CNNVD-202206-776 // NVD: CVE-2019-25062

REFERENCES

url:	https://vuldb.com/?id.159431	Trust: 1.6
url:	https://www.exploit-db.com/exploits/47477	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-25062	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2019-25062/	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2022-61890 // CNNVD: CNNVD-202206-776 // NVD: CVE-2019-25062

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2022-61890
db:	CNNVD	id:	CNNVD-202206-776
db:	NVD	id:	CVE-2019-25062

LAST UPDATE DATE

2025-01-30T21:21:26.206000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-61890	date:	2022-09-06T00:00:00
db:	CNNVD	id:	CNNVD-202206-776	date:	2022-06-30T00:00:00
db:	NVD	id:	CVE-2019-25062	date:	2022-06-21T20:18:17.950

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-61890	date:	2022-09-06T00:00:00
db:	CNNVD	id:	CNNVD-202206-776	date:	2022-06-08T00:00:00
db:	NVD	id:	CVE-2019-25062	date:	2022-06-08T09:15:08