10
CVE-2014-1201
- EPSS 23.2%
- Veröffentlicht 15.01.2014 16:08:18
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginBuffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lorex Technology ≫ Edge Lh310 Firmware Version7-35-28-1b26e
Lorextechnology ≫ Edge Versionlh310
Lorex Technology ≫ Edge3 Lh340 Firmware Version11.19.85_1fe3a
Lorextechnology ≫ Edge3 Versionlh340
Lorex Technology ≫ Edge2 Lh330 Firmware Version11.17.38-33_1d97a
Lorextechnology ≫ Edge2 Versionlh330
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 23.2% | 0.958 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.