Search criteria
3 vulnerabilities found for ic-6220dc by edimax
CVE-2024-7616 (GCVE-0-2024-7616)
Vulnerability from cvelistv5 – Published: 2024-08-08 23:00 – Updated: 2024-08-09 17:20
VLAI?
Title
Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection
Summary
A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-77 - Command Injection
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
jylsec (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T15:03:06.289927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T17:20:00.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IC-6220DC",
"vendor": "Edimax",
"versions": [
{
"status": "affected",
"version": "3.06"
}
]
},
{
"product": "IC-5150W",
"vendor": "Edimax",
"versions": [
{
"status": "affected",
"version": "3.06"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jylsec (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Edimax IC-6220DC and IC-5150W bis 3.06 ausgemacht. Es geht hierbei um die Funktion cgiFormString der Datei ipcam_cgi. Durch das Beeinflussen des Arguments host mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T23:00:06.211Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273986 | Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273986"
},
{
"name": "VDB-273986 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273986"
},
{
"name": "Submit #383845 | edimax IC-6220DC 3.06 command injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.383845"
},
{
"tags": [
"broken-link"
],
"url": "https://yjz233.notion.site/edimax-IC-6220DC-has-command-injection-vulnerability-in-ipcam_cgi-2029d67721f2473b8cfce5e286a70307?pvs=4"
},
{
"tags": [
"broken-link"
],
"url": "https://yjz233.notion.site/edimax-IC-5150W-has-command-injection-vulnerability-in-ipcam_cgi-cc72c7b7e2f24ba6a6609b6fcf78df34"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-08T16:42:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7616",
"datePublished": "2024-08-08T23:00:06.211Z",
"dateReserved": "2024-08-08T14:36:13.737Z",
"dateUpdated": "2024-08-09T17:20:00.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7616 (GCVE-0-2024-7616)
Vulnerability from nvd – Published: 2024-08-08 23:00 – Updated: 2024-08-09 17:20
VLAI?
Title
Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection
Summary
A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-77 - Command Injection
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
jylsec (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T15:03:06.289927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T17:20:00.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IC-6220DC",
"vendor": "Edimax",
"versions": [
{
"status": "affected",
"version": "3.06"
}
]
},
{
"product": "IC-5150W",
"vendor": "Edimax",
"versions": [
{
"status": "affected",
"version": "3.06"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jylsec (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Edimax IC-6220DC and IC-5150W bis 3.06 ausgemacht. Es geht hierbei um die Funktion cgiFormString der Datei ipcam_cgi. Durch das Beeinflussen des Arguments host mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T23:00:06.211Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273986 | Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273986"
},
{
"name": "VDB-273986 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273986"
},
{
"name": "Submit #383845 | edimax IC-6220DC 3.06 command injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.383845"
},
{
"tags": [
"broken-link"
],
"url": "https://yjz233.notion.site/edimax-IC-6220DC-has-command-injection-vulnerability-in-ipcam_cgi-2029d67721f2473b8cfce5e286a70307?pvs=4"
},
{
"tags": [
"broken-link"
],
"url": "https://yjz233.notion.site/edimax-IC-5150W-has-command-injection-vulnerability-in-ipcam_cgi-cc72c7b7e2f24ba6a6609b6fcf78df34"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-08T16:42:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7616",
"datePublished": "2024-08-08T23:00:06.211Z",
"dateReserved": "2024-08-08T14:36:13.737Z",
"dateUpdated": "2024-08-09T17:20:00.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201804-1512
Vulnerability from variot - Updated: 2023-12-18 13:24An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function. EDIMAX IC-3140W , IC-5150W ,and IC-6220DC Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDIMAXIC-3140W, IC-5150W and IC-6220DC are all different series of network camera products from EDIMAX. A stack buffer overflow vulnerability exists in EDIMAXIC-3140W3.06 and earlier, IC-5150W3.09 and earlier, and IC-6220DC3.06 and earlier. This vulnerability is caused by the program not using the 'strcpy()' function correctly. An attacker could exploit this vulnerability to overwrite other values on the stack
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1512",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ic-3140w",
"scope": "lte",
"trust": 1.8,
"vendor": "edimax",
"version": "3.06"
},
{
"model": "ic-5150w",
"scope": "lte",
"trust": 1.8,
"vendor": "edimax",
"version": "3.09"
},
{
"model": "ic-6220dc",
"scope": "lte",
"trust": 1.8,
"vendor": "edimax",
"version": "3.06"
},
{
"model": "ic-6220dc",
"scope": null,
"trust": 0.6,
"vendor": "edimax",
"version": null
},
{
"model": "ic-3140w",
"scope": null,
"trust": 0.6,
"vendor": "edimax",
"version": null
},
{
"model": "ic-5150w",
"scope": null,
"trust": 0.6,
"vendor": "edimax",
"version": null
},
{
"model": "ic-6220dc",
"scope": "eq",
"trust": 0.6,
"vendor": "edimax",
"version": "3.06"
},
{
"model": "ic-5150w",
"scope": "eq",
"trust": 0.6,
"vendor": "edimax",
"version": "3.09"
},
{
"model": "ic-3140w",
"scope": "eq",
"trust": 0.6,
"vendor": "edimax",
"version": "3.06"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09567"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004999"
},
{
"db": "NVD",
"id": "CVE-2018-8072"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1473"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:edimax:ic-3140w_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:edimax:ic-3140w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:edimax:ic-5150w_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.09",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:edimax:ic-5150w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:edimax:ic-6220dc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:edimax:ic-6220dc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8072"
}
]
},
"cve": "CVE-2018-8072",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-8072",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-09567",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-138104",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8072",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8072",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-09567",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-1473",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-138104",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09567"
},
{
"db": "VULHUB",
"id": "VHN-138104"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004999"
},
{
"db": "NVD",
"id": "CVE-2018-8072"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1473"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function. EDIMAX IC-3140W , IC-5150W ,and IC-6220DC Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDIMAXIC-3140W, IC-5150W and IC-6220DC are all different series of network camera products from EDIMAX. A stack buffer overflow vulnerability exists in EDIMAXIC-3140W3.06 and earlier, IC-5150W3.09 and earlier, and IC-6220DC3.06 and earlier. This vulnerability is caused by the program not using the \u0027strcpy()\u0027 function correctly. An attacker could exploit this vulnerability to overwrite other values on the stack",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8072"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004999"
},
{
"db": "CNVD",
"id": "CNVD-2018-09567"
},
{
"db": "VULHUB",
"id": "VHN-138104"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8072",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004999",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1473",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-09567",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-138104",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09567"
},
{
"db": "VULHUB",
"id": "VHN-138104"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004999"
},
{
"db": "NVD",
"id": "CVE-2018-8072"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1473"
}
]
},
"id": "VAR-201804-1512",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09567"
},
{
"db": "VULHUB",
"id": "VHN-138104"
}
],
"trust": 1.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09567"
}
]
},
"last_update_date": "2023-12-18T13:24:07.416000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Support \u0026 Services (IC-3140W)",
"trust": 0.8,
"url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"
},
{
"title": "Patch for EDIMAXIC-3140W, IC-5150W, and IC-6220DC Buffer Overflow Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/129153"
},
{
"title": "EDIMAX IC-3140W , IC-5150W and IC-6220DC Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79731"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09567"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004999"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1473"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138104"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004999"
},
{
"db": "NVD",
"id": "CVE-2018-8072"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"
},
{
"trust": 2.3,
"url": "https://gitlab.com/nemux/cve-2018-8072/blob/master/cve-2018-8072_poc.txt"
},
{
"trust": 1.7,
"url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"
},
{
"trust": 1.7,
"url": "https://gitlab.com/nemux/cve-2018-8072/blob/master/nemux_codemotion_rome18_cover.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8072"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8072"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09567"
},
{
"db": "VULHUB",
"id": "VHN-138104"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004999"
},
{
"db": "NVD",
"id": "CVE-2018-8072"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1473"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-09567"
},
{
"db": "VULHUB",
"id": "VHN-138104"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004999"
},
{
"db": "NVD",
"id": "CVE-2018-8072"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1473"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09567"
},
{
"date": "2018-04-26T00:00:00",
"db": "VULHUB",
"id": "VHN-138104"
},
{
"date": "2018-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004999"
},
{
"date": "2018-04-26T15:29:00.477000",
"db": "NVD",
"id": "CVE-2018-8072"
},
{
"date": "2018-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1473"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09567"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-138104"
},
{
"date": "2018-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004999"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-8072"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1473"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-1473"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural EDIMAX Product buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004999"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-1473"
}
],
"trust": 0.6
}
}