CVE-2014-10011

Exploit

EPSS 20.82%
Published 13.01.2015 11:59:20
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Trendnet ≫ Tv-ip422w Version-

Trendnet ≫ Tv-ip422wn Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	20.82%	0.954

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://packetstormsecurity.com/files/129262/TRENDnet-SecurView-Wireless-Network-Camera-TV-IP422WN-Buffer-Overflow.html

http://www.securityfocus.com/bid/71292

Exploit

http://www.zeroscience.mk/codes/trendnet_bof.txt

Exploit

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5211.php

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/98948

https://nvd.nist.gov/vuln/detail/CVE-2014-10011

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-10011

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-10011

EUVD