Search criteria
6 vulnerabilities found for snc-eb630b_firmware by sony
FKIE_CVE-2018-3938
Vulnerability from fkie_nvd - Published: 2018-08-14 19:29 - Updated: 2024-11-21 04:06
Severity ?
9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sony | snc-eb600_firmware | 1.87.00 | |
| sony | snc-eb600 | - | |
| sony | snc-eb630_firmware | 1.87.00 | |
| sony | snc-eb630 | - | |
| sony | snc-eb600b_firmware | 1.87.00 | |
| sony | snc-eb600b | - | |
| sony | snc-eb630b_firmware | 1.87.00 | |
| sony | snc-eb630b | - | |
| sony | snc-eb602r_firmware | 1.87.00 | |
| sony | snc-eb602r | - | |
| sony | snc-eb632r_firmware | 1.87.00 | |
| sony | snc-eb632r | - | |
| sony | snc-em600_firmware | 1.87.00 | |
| sony | snc-em600 | - | |
| sony | snc-em601_firmware | 1.87.00 | |
| sony | snc-em601 | - | |
| sony | snc-em630_firmware | 1.87.00 | |
| sony | snc-em630 | - | |
| sony | snc-em631_firmware | 1.87.00 | |
| sony | snc-em631 | - | |
| sony | snc-em602r_firmware | 1.87.00 | |
| sony | snc-em602r | - | |
| sony | snc-em632r_firmware | 1.87.00 | |
| sony | snc-em632r | - | |
| sony | snc-em602rc_firmware | 1.87.00 | |
| sony | snc-em602rc | - | |
| sony | snc-em632rc_firmware | 1.87.00 | |
| sony | snc-em632rc | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-eb600_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3FBC43-3AE3-4634-9331-B95B24F07E6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-eb600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D084C71-003D-4624-A467-9B0A6ADD22C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-eb630_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "26359BD9-71D6-4129-A5DF-E4CA26A1DA5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-eb630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D00D6B81-4C5A-4D3A-BDCC-520A45AE3725",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-eb600b_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "74D2B3EF-6B55-41D8-90BB-CEC33032A083",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-eb600b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0ACBA0-AF10-4810-B91D-EA56EF8CB1D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-eb630b_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "A59426BB-7B2B-423B-9F0B-E127B81D36DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-eb630b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0126D7-0A43-4601-A971-0CEED39381CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-eb602r_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "55C71563-027B-4431-8109-12A8D7AF57D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-eb602r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C515B9-6B61-4626-9B80-F00CA796B586",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-eb632r_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "197602C4-4CF6-4DB9-89C7-02411544C001",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-eb632r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72CFFBBB-4973-4B4F-A064-C9CF2AAF1BEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em600_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "11AFF2B2-5E89-41D0-9961-D41BBC0E9D23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5500F130-10D5-404B-946C-B59DC20DB0B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em601_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "7DAD3F4C-2600-4974-8DCD-6AD3B59051CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em601:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE5E4F2-6E1D-4BB1-8A32-BABF62E169C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em630_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "561FC337-6CD9-4B68-B3C1-1FADC8C1BBDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF72A9F-632F-4C3F-8945-C0B5F2B17D59",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em631_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "C3236C1C-71FC-4E19-AA10-B5F6B55C36BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em631:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9057CFCD-225F-433C-A3D4-AA18B5D01526",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em602r_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "FA152C1E-C517-439E-973F-AF18795351FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em602r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08178A2C-F3ED-4D23-ACF4-E30CE3593707",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em632r_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "9C98FC39-2278-48A1-B5A2-D6D66FABE32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em632r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB388627-8C20-41D4-8792-BCE6DAD665CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em602rc_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "A8EAD8FC-76DD-4594-9428-0BE87B09710C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em602rc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "263B4967-E9C7-4810-809C-A3BE9E28789C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em632rc_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "C55E373D-B02F-4571-A214-85DD38B4D2E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em632rc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1521BBC3-B98A-45AB-97E7-C5DEB4F06B98",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer basado en pila explotable en la funcionalidad 802dot1xclientcert.cgi de Sony IPELA E Series Camera G5 con la versi\u00f3n 1.87.00 de firmware. Una petici\u00f3n POST especialmente manipulada puede provocar un desbordamiento de b\u00fafer basado en pila que dar\u00eda lugar a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar una petici\u00f3n POST maliciosa para provocar esta vulnerabilidad."
}
],
"id": "CVE-2018-3938",
"lastModified": "2024-11-21T04:06:20.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-14T19:29:01.153",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-3937
Vulnerability from fkie_nvd - Published: 2018-08-14 19:29 - Updated: 2024-11-21 04:06
Severity ?
9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sony | snc-eb600_firmware | 1.87.00 | |
| sony | snc-eb600 | - | |
| sony | snc-eb630_firmware | 1.87.00 | |
| sony | snc-eb630 | - | |
| sony | snc-eb600b_firmware | 1.87.00 | |
| sony | snc-eb600b | - | |
| sony | snc-eb630b_firmware | 1.87.00 | |
| sony | snc-eb630b | - | |
| sony | snc-eb602r_firmware | 1.87.00 | |
| sony | snc-eb602r | - | |
| sony | snc-eb632r_firmware | 1.87.00 | |
| sony | snc-eb632r | - | |
| sony | snc-em600_firmware | 1.87.00 | |
| sony | snc-em600 | - | |
| sony | snc-em601_firmware | 1.87.00 | |
| sony | snc-em601 | - | |
| sony | snc-em630_firmware | 1.87.00 | |
| sony | snc-em630 | - | |
| sony | snc-em631_firmware | 1.87.00 | |
| sony | snc-em631 | - | |
| sony | snc-em602r_firmware | 1.87.00 | |
| sony | snc-em602r | - | |
| sony | snc-em632r_firmware | 1.87.00 | |
| sony | snc-em632r | - | |
| sony | snc-em602rc_firmware | 1.87.00 | |
| sony | snc-em602rc | - | |
| sony | snc-em632rc_firmware | 1.87.00 | |
| sony | snc-em632rc | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-eb600_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3FBC43-3AE3-4634-9331-B95B24F07E6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-eb600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D084C71-003D-4624-A467-9B0A6ADD22C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-eb630_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "26359BD9-71D6-4129-A5DF-E4CA26A1DA5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-eb630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D00D6B81-4C5A-4D3A-BDCC-520A45AE3725",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-eb600b_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "74D2B3EF-6B55-41D8-90BB-CEC33032A083",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-eb600b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0ACBA0-AF10-4810-B91D-EA56EF8CB1D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-eb630b_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "A59426BB-7B2B-423B-9F0B-E127B81D36DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-eb630b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0126D7-0A43-4601-A971-0CEED39381CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-eb602r_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "55C71563-027B-4431-8109-12A8D7AF57D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-eb602r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C515B9-6B61-4626-9B80-F00CA796B586",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-eb632r_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "197602C4-4CF6-4DB9-89C7-02411544C001",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-eb632r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72CFFBBB-4973-4B4F-A064-C9CF2AAF1BEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em600_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "11AFF2B2-5E89-41D0-9961-D41BBC0E9D23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5500F130-10D5-404B-946C-B59DC20DB0B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em601_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "7DAD3F4C-2600-4974-8DCD-6AD3B59051CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em601:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE5E4F2-6E1D-4BB1-8A32-BABF62E169C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em630_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "561FC337-6CD9-4B68-B3C1-1FADC8C1BBDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF72A9F-632F-4C3F-8945-C0B5F2B17D59",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em631_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "C3236C1C-71FC-4E19-AA10-B5F6B55C36BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em631:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9057CFCD-225F-433C-A3D4-AA18B5D01526",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em602r_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "FA152C1E-C517-439E-973F-AF18795351FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em602r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08178A2C-F3ED-4D23-ACF4-E30CE3593707",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em632r_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "9C98FC39-2278-48A1-B5A2-D6D66FABE32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em632r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB388627-8C20-41D4-8792-BCE6DAD665CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em602rc_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "A8EAD8FC-76DD-4594-9428-0BE87B09710C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em602rc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "263B4967-E9C7-4810-809C-A3BE9E28789C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:snc-em632rc_firmware:1.87.00:*:*:*:*:*:*:*",
"matchCriteriaId": "C55E373D-B02F-4571-A214-85DD38B4D2E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:snc-em632rc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1521BBC3-B98A-45AB-97E7-C5DEB4F06B98",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos explotable en la funcionalidad measurementBitrateExec de Sony IPELA E Series Network Camera G5 con la versi\u00f3n 1.87.00 de firmware. Una petici\u00f3n GET especialmente manipulada podr\u00eda provocar la ejecuci\u00f3n de comandos arbitrarios. Un atacante puede enviar una petici\u00f3n HTTP manipulada para provocar esta vulnerabilidad."
}
],
"id": "CVE-2018-3937",
"lastModified": "2024-11-21T04:06:20.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-14T19:29:01.027",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-3937 (GCVE-0-2018-3937)
Vulnerability from cvelistv5 – Published: 2018-08-14 19:00 – Updated: 2024-09-16 16:13
VLAI?
Summary
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability.
Severity ?
9.1 (Critical)
CWE
- command injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:24.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sony",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "Sony IPELA E series G5 firmware 1.87.00"
}
]
}
],
"datePublic": "2018-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:06:31",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-07-20T00:00:00",
"ID": "CVE-2018-3937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sony",
"version": {
"version_data": [
{
"version_value": "Sony IPELA E series G5 firmware 1.87.00"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.1,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-3937",
"datePublished": "2018-08-14T19:00:00Z",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-09-16T16:13:19.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3938 (GCVE-0-2018-3938)
Vulnerability from cvelistv5 – Published: 2018-08-14 19:00 – Updated: 2024-09-16 18:08
VLAI?
Summary
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability.
Severity ?
9.1 (Critical)
CWE
- buffer overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:24.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sony",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "Sony IPELA E series G5 firmware 1.87.00"
}
]
}
],
"datePublic": "2018-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:06:32",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-07-20T00:00:00",
"ID": "CVE-2018-3938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sony",
"version": {
"version_data": [
{
"version_value": "Sony IPELA E series G5 firmware 1.87.00"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.1,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-3938",
"datePublished": "2018-08-14T19:00:00Z",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-09-16T18:08:43.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3937 (GCVE-0-2018-3937)
Vulnerability from nvd – Published: 2018-08-14 19:00 – Updated: 2024-09-16 16:13
VLAI?
Summary
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability.
Severity ?
9.1 (Critical)
CWE
- command injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:24.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sony",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "Sony IPELA E series G5 firmware 1.87.00"
}
]
}
],
"datePublic": "2018-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:06:31",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-07-20T00:00:00",
"ID": "CVE-2018-3937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sony",
"version": {
"version_data": [
{
"version_value": "Sony IPELA E series G5 firmware 1.87.00"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.1,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-3937",
"datePublished": "2018-08-14T19:00:00Z",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-09-16T16:13:19.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3938 (GCVE-0-2018-3938)
Vulnerability from nvd – Published: 2018-08-14 19:00 – Updated: 2024-09-16 18:08
VLAI?
Summary
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability.
Severity ?
9.1 (Critical)
CWE
- buffer overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:24.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sony",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "Sony IPELA E series G5 firmware 1.87.00"
}
]
}
],
"datePublic": "2018-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:06:32",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-07-20T00:00:00",
"ID": "CVE-2018-3938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sony",
"version": {
"version_data": [
{
"version_value": "Sony IPELA E series G5 firmware 1.87.00"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.1,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-3938",
"datePublished": "2018-08-14T19:00:00Z",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-09-16T18:08:43.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}