CVE-2008-5674

Exploit

EPSS 22.06%
Veröffentlicht 19.12.2008 01:52:02
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Darkwet ≫ Webcam Xp Version <= 3.72.440.0

Darkwet ≫ Webcam Xp Version1.02.432

Darkwet ≫ Webcam Xp Version1.02.535

Darkwet ≫ Webcam Xp Version1.6.945

Darkwet ≫ Webcam Xp Version2.20

Darkwet ≫ Webcam Xp Version3.72

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	22.06%	0.956

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.4	10	9.2	AV:N/AC:L/Au:N/C:C/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://aluigi.altervista.org/adv/webcamxp-adv.txt

http://osvdb.org/42929

http://secunia.com/advisories/29007

Vendor Advisory

http://securityreason.com/securityalert/4788

http://www.osvdb.org/42927

http://www.osvdb.org/42928

http://www.securityfocus.com/archive/1/488364/100/200/threaded

http://www.securityfocus.com/bid/27875

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2008-5674

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-5674

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-5674

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2008-5674