CVE-2014-10011

Exploit

EPSS 20.82%
Veröffentlicht 13.01.2015 11:59:20
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trendnet ≫ Tv-ip422w Version-

Trendnet ≫ Tv-ip422wn Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	20.82%	0.954

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://packetstormsecurity.com/files/129262/TRENDnet-SecurView-Wireless-Network-Camera-TV-IP422WN-Buffer-Overflow.html

http://www.securityfocus.com/bid/71292

Exploit

http://www.zeroscience.mk/codes/trendnet_bof.txt

Exploit

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5211.php

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/98948

https://nvd.nist.gov/vuln/detail/CVE-2014-10011

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-10011

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-10011

EUVD