CVE-2019-11878

Exploit

EPSS 0.2%
Veröffentlicht 10.05.2019 15:29:02
Zuletzt bearbeitet 21.11.2024 04:21:56
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. This then crashes the camera for about 120 seconds.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xiongmaitech ≫ Besder Ip20h1 Firmware Version4.02.r12.00035520.12012.047500.00200

Xiongmaitech ≫ Besder Ip20h1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.427

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:N/A:P

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html

Third Party Advisory

Exploit

https://www.youtube.com/watch?v=SnyPJtDDMFQ

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-11878

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11878

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11878

EUVD