Search criteria
5 vulnerabilities found for tv-ip422w by trendnet
VAR-201501-0575
Vulnerability from variot - Updated: 2023-12-18 13:34Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function. TRENDnet TEW-818DRU is a routing device. TRENDnet TV-IP422WN 'UltraCamX.ocx' has multiple stack buffer overflow vulnerabilities because it cannot properly check user-supplied data before copying it to a full-size memory buffer. An attacker could exploit these vulnerabilities to execute arbitrary code in the context of an affected application. Failed exploit attempts will result in denial-of-service conditions. SecurView Wireless N Day/Night Pan/Tilt Internet Camera, a powerfuldual-codec wireless network camera with the 2-way audio function that providesthe high-quality image and on-the-spot audio via the Internet connection.The UltraCam ActiveX Control 'UltraCamX.ocx' suffers from a stack bufferoverflow vulnerability when parsing large amount of bytes to several functionsin UltraCamLib, resulting in memory corruption overwriting severeal registersincluding the SEH. An attacker can gain access to the system of the affectednode and execute arbitrary code.
--------------------------------------------------------------------------------0:000> r
eax=41414141 ebx=100ceff4 ecx=0042df38 edx=00487900 esi=00487a1c edi=0042e9fc
eip=100203fb esp=0042d720 ebp=0042e9a8 iopl=0 nv up ei pl nz ac po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210212
UltraCamX!DllUnregisterServer+0xeb2b:
100203fb 8b48e0 mov ecx,dword ptr [eax-20h] ds:002b:41414121=????????
0:000> !exchain
0042eda8: 41414141
Invalid exception stack at 41414141
--------------------------------------------------------------------------------
Tested on: Microsoft Windows 7 Professional SP1 (EN). TRENDnet SecurView camera TV-IP422WN is a wireless IP camera product from TRENDnet. UltraCam ActiveX Control (UltraCamX.ocx) is one of the digital aerial camera controls
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0575",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tv-ip422wn",
"scope": "eq",
"trust": 1.6,
"vendor": "trendnet",
"version": null
},
{
"model": "tv-ip422w",
"scope": "eq",
"trust": 1.6,
"vendor": "trendnet",
"version": null
},
{
"model": "tv-ip422wn",
"scope": null,
"trust": 1.4,
"vendor": "trendnet",
"version": null
},
{
"model": "tv-ip422w",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tv-ip422wn",
"scope": "eq",
"trust": 0.3,
"vendor": "trendnet",
"version": "0"
},
{
"model": "securview wireless network camera tv-ip",
"scope": "eq",
"trust": 0.1,
"vendor": "trendnet",
"version": "tv-ip422wn/tv-ip422w"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5211"
},
{
"db": "CNVD",
"id": "CNVD-2014-08542"
},
{
"db": "BID",
"id": "71292"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007642"
},
{
"db": "NVD",
"id": "CVE-2014-10011"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-487"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:trendnet:tv-ip422w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:trendnet:tv-ip422wn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-10011"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gjoko Krstic",
"sources": [
{
"db": "BID",
"id": "71292"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-487"
}
],
"trust": 0.9
},
"cve": "CVE-2014-10011",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-10011",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-08542",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-68548",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-10011",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-08542",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-487",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2014-5211",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "VULHUB",
"id": "VHN-68548",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5211"
},
{
"db": "CNVD",
"id": "CNVD-2014-08542"
},
{
"db": "VULHUB",
"id": "VHN-68548"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007642"
},
{
"db": "NVD",
"id": "CVE-2014-10011"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-487"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function. TRENDnet TEW-818DRU is a routing device. TRENDnet TV-IP422WN \u0027UltraCamX.ocx\u0027 has multiple stack buffer overflow vulnerabilities because it cannot properly check user-supplied data before copying it to a full-size memory buffer. An attacker could exploit these vulnerabilities to execute arbitrary code in the context of an affected application. Failed exploit attempts will result in denial-of-service conditions. SecurView Wireless N Day/Night Pan/Tilt Internet Camera, a powerfuldual-codec wireless network camera with the 2-way audio function that providesthe high-quality image and on-the-spot audio via the Internet connection.The UltraCam ActiveX Control \u0027UltraCamX.ocx\u0027 suffers from a stack bufferoverflow vulnerability when parsing large amount of bytes to several functionsin UltraCamLib, resulting in memory corruption overwriting severeal registersincluding the SEH. An attacker can gain access to the system of the affectednode and execute arbitrary code.\u003cbr/\u003e\u003cbr/\u003e--------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003e\u003ccode\u003e0:000\u0026gt; r\u003cbr/\u003eeax=41414141 ebx=100ceff4 ecx=0042df38 edx=00487900 esi=00487a1c edi=0042e9fc\u003cbr/\u003eeip=100203fb esp=0042d720 ebp=0042e9a8 iopl=0 nv up ei pl nz ac po nc\u003cbr/\u003ecs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210212\u003cbr/\u003eUltraCamX!DllUnregisterServer+0xeb2b:\u003cbr/\u003e100203fb 8b48e0 mov ecx,dword ptr [eax-20h] ds:002b:41414121=????????\u003cbr/\u003e0:000\u0026gt; !exchain\u003cbr/\u003e0042eda8: 41414141\u003cbr/\u003eInvalid exception stack at 41414141\u003cbr/\u003e\u003c/code\u003e\u003cbr/\u003e\t--------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003eTested on: Microsoft Windows 7 Professional SP1 (EN). TRENDnet SecurView camera TV-IP422WN is a wireless IP camera product from TRENDnet. UltraCam ActiveX Control (UltraCamX.ocx) is one of the digital aerial camera controls",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-10011"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007642"
},
{
"db": "CNVD",
"id": "CNVD-2014-08542"
},
{
"db": "BID",
"id": "71292"
},
{
"db": "ZSL",
"id": "ZSL-2014-5211"
},
{
"db": "VULHUB",
"id": "VHN-68548"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/trendnet_bof.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-68548",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5211"
},
{
"db": "VULHUB",
"id": "VHN-68548"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-10011",
"trust": 2.9
},
{
"db": "ZSL",
"id": "ZSL-2014-5211",
"trust": 2.9
},
{
"db": "BID",
"id": "71292",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "129262",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007642",
"trust": 0.8
},
{
"db": "XF",
"id": "98948",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201411-487",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-08542",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "35363",
"trust": 0.2
},
{
"db": "CXSECURITY",
"id": "WLB-2014110169",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "115037",
"trust": 0.1
},
{
"db": "VULDB",
"id": "68288",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "60244",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-68548",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5211"
},
{
"db": "CNVD",
"id": "CNVD-2014-08542"
},
{
"db": "VULHUB",
"id": "VHN-68548"
},
{
"db": "BID",
"id": "71292"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007642"
},
{
"db": "NVD",
"id": "CVE-2014-10011"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-487"
}
]
},
"id": "VAR-201501-0575",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08542"
},
{
"db": "VULHUB",
"id": "VHN-68548"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08542"
}
]
},
"last_update_date": "2023-12-18T13:34:34.457000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TV-IP422WN",
"trust": 0.8,
"url": "http://www.trendnet.com/products/proddetail.asp?prod=190_tv-ip422wn"
},
{
"title": "TV-IP422W",
"trust": 0.8,
"url": "http://www.trendnet.com/products/proddetail.asp?prod=155_tv-ip422w"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007642"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68548"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007642"
},
{
"db": "NVD",
"id": "CVE-2014-10011"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2014-5211.php"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/71292"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/129262/trendnet-securview-wireless-network-camera-tv-ip422wn-buffer-overflow.html"
},
{
"trust": 1.7,
"url": "http://www.zeroscience.mk/codes/trendnet_bof.txt"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98948"
},
{
"trust": 0.9,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-10011"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-10011"
},
{
"trust": 0.7,
"url": "http://xforce.iss.net/xforce/xfdb/98948"
},
{
"trust": 0.3,
"url": "http://www.trendnet.com/"
},
{
"trust": 0.1,
"url": "http://www.exploit-db.com/exploits/35363/"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/129262"
},
{
"trust": 0.1,
"url": "http://cxsecurity.com/issue/wlb-2014110169"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/115037"
},
{
"trust": 0.1,
"url": "http://www.vfocus.net/art/20141126/11848.html"
},
{
"trust": 0.1,
"url": "http://www.scip.ch/en/?vuldb.68288"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/60244/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-10011"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5211"
},
{
"db": "CNVD",
"id": "CNVD-2014-08542"
},
{
"db": "VULHUB",
"id": "VHN-68548"
},
{
"db": "BID",
"id": "71292"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007642"
},
{
"db": "NVD",
"id": "CVE-2014-10011"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-487"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2014-5211"
},
{
"db": "CNVD",
"id": "CNVD-2014-08542"
},
{
"db": "VULHUB",
"id": "VHN-68548"
},
{
"db": "BID",
"id": "71292"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007642"
},
{
"db": "NVD",
"id": "CVE-2014-10011"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-487"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-25T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5211"
},
{
"date": "2014-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08542"
},
{
"date": "2015-01-13T00:00:00",
"db": "VULHUB",
"id": "VHN-68548"
},
{
"date": "2014-11-25T00:00:00",
"db": "BID",
"id": "71292"
},
{
"date": "2015-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007642"
},
{
"date": "2015-01-13T11:59:20.147000",
"db": "NVD",
"id": "CVE-2014-10011"
},
{
"date": "2014-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-487"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-17T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5211"
},
{
"date": "2014-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08542"
},
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-68548"
},
{
"date": "2015-04-13T21:01:00",
"db": "BID",
"id": "71292"
},
{
"date": "2015-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007642"
},
{
"date": "2017-09-08T01:29:03.010000",
"db": "NVD",
"id": "CVE-2014-10011"
},
{
"date": "2015-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-487"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-487"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TRENDnet TV-IP422WN \u0027UltraCamX.ocx\u0027 Multiple Stack Buffer Overflow Vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08542"
},
{
"db": "BID",
"id": "71292"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-487"
}
],
"trust": 0.6
}
}
VAR-190001-0488
Vulnerability from variot - Updated: 2022-05-17 02:06Trendnet TV-IP422W, iPUX ICS1033, Digicom IP CAMERA 100W are IP camera products. These products include an undocumented account \"productmaker\" that uses the default password, which allows an attacker to access the WEB or Telnet interface and command injection attacks. Multiple IP cameras are prone to an unauthorized access vulnerability. Successful exploits will allow a remote attacker to gain unauthorized access to the affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-190001-0488",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "palerai ipux ics1033",
"scope": null,
"trust": 0.6,
"vendor": "roberta",
"version": null
},
{
"model": "palerai trendnet tv-ip422w",
"scope": null,
"trust": 0.6,
"vendor": "roberta",
"version": null
},
{
"model": "palerai digicom ip camera 100w",
"scope": null,
"trust": 0.6,
"vendor": "roberta",
"version": null
},
{
"model": "tv-ip422w",
"scope": "eq",
"trust": 0.3,
"vendor": "trendnet",
"version": "0"
},
{
"model": "ics1033",
"scope": "eq",
"trust": 0.3,
"vendor": "ipux",
"version": "0"
},
{
"model": "ip camera 100w",
"scope": null,
"trust": 0.3,
"vendor": "digicom",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2332"
},
{
"db": "BID",
"id": "48325"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roberto Paleari",
"sources": [
{
"db": "BID",
"id": "48325"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-209"
}
],
"trust": 0.9
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trendnet TV-IP422W, iPUX ICS1033, Digicom IP CAMERA 100W are IP camera products. These products include an undocumented account \\\"productmaker\\\" that uses the default password, which allows an attacker to access the WEB or Telnet interface and command injection attacks. Multiple IP cameras are prone to an unauthorized access vulnerability. \nSuccessful exploits will allow a remote attacker to gain unauthorized access to the affected device",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2332"
},
{
"db": "BID",
"id": "48325"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "48325",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2011-2332",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201106-209",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2332"
},
{
"db": "BID",
"id": "48325"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-209"
}
]
},
"id": "VAR-190001-0488",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2332"
}
],
"trust": 1.5375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2332"
}
]
},
"last_update_date": "2022-05-17T02:06:56.050000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.9,
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0064.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/48325"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2332"
},
{
"db": "BID",
"id": "48325"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-209"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2011-2332"
},
{
"db": "BID",
"id": "48325"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-209"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2332"
},
{
"date": "2011-06-17T00:00:00",
"db": "BID",
"id": "48325"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201106-209"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2332"
},
{
"date": "2011-06-17T00:00:00",
"db": "BID",
"id": "48325"
},
{
"date": "2011-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201106-209"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201106-209"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple IP Camera Products \u0027productmaker\u0027 Account Unauthorized Access Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2332"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "48325"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-209"
}
],
"trust": 0.9
}
}
FKIE_CVE-2014-10011
Vulnerability from fkie_nvd - Published: 2015-01-13 11:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendnet | tv-ip422w | - | |
| trendnet | tv-ip422wn | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:trendnet:tv-ip422w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9508AD50-F519-4052-8476-D82567C54FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:trendnet:tv-ip422wn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5536281-F246-480B-B159-F99ED28EACD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en pila en UltraCamLib en el control de ActiveX UltraCam (UltraCamX.ocx) para el camera Securview TRENDnet TV-IP422WN permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena larga en la funci\u00f3n (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, o (7) RemoteHost."
}
],
"id": "CVE-2014-10011",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-13T11:59:20.147",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/129262/TRENDnet-SecurView-Wireless-Network-Camera-TV-IP422WN-Buffer-Overflow.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/71292"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.zeroscience.mk/codes/trendnet_bof.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5211.php"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/129262/TRENDnet-SecurView-Wireless-Network-Camera-TV-IP422WN-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/71292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.zeroscience.mk/codes/trendnet_bof.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5211.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98948"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-10011 (GCVE-0-2014-10011)
Vulnerability from cvelistv5 – Published: 2015-01-13 11:00 – Updated: 2024-08-06 14:02
VLAI?
Summary
Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:02:38.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "trendnet-tvip422wn-bo(98948)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98948"
},
{
"name": "71292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71292"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zeroscience.mk/codes/trendnet_bof.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5211.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129262/TRENDnet-SecurView-Wireless-Network-Camera-TV-IP422WN-Buffer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "trendnet-tvip422wn-bo(98948)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98948"
},
{
"name": "71292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71292"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zeroscience.mk/codes/trendnet_bof.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5211.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129262/TRENDnet-SecurView-Wireless-Network-Camera-TV-IP422WN-Buffer-Overflow.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "trendnet-tvip422wn-bo(98948)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98948"
},
{
"name": "71292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71292"
},
{
"name": "http://www.zeroscience.mk/codes/trendnet_bof.txt",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/codes/trendnet_bof.txt"
},
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5211.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5211.php"
},
{
"name": "http://packetstormsecurity.com/files/129262/TRENDnet-SecurView-Wireless-Network-Camera-TV-IP422WN-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129262/TRENDnet-SecurView-Wireless-Network-Camera-TV-IP422WN-Buffer-Overflow.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-10011",
"datePublished": "2015-01-13T11:00:00",
"dateReserved": "2015-01-13T00:00:00",
"dateUpdated": "2024-08-06T14:02:38.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-10011 (GCVE-0-2014-10011)
Vulnerability from nvd – Published: 2015-01-13 11:00 – Updated: 2024-08-06 14:02
VLAI?
Summary
Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:02:38.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "trendnet-tvip422wn-bo(98948)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98948"
},
{
"name": "71292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71292"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zeroscience.mk/codes/trendnet_bof.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5211.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129262/TRENDnet-SecurView-Wireless-Network-Camera-TV-IP422WN-Buffer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "trendnet-tvip422wn-bo(98948)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98948"
},
{
"name": "71292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71292"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zeroscience.mk/codes/trendnet_bof.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5211.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129262/TRENDnet-SecurView-Wireless-Network-Camera-TV-IP422WN-Buffer-Overflow.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "trendnet-tvip422wn-bo(98948)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98948"
},
{
"name": "71292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71292"
},
{
"name": "http://www.zeroscience.mk/codes/trendnet_bof.txt",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/codes/trendnet_bof.txt"
},
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5211.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5211.php"
},
{
"name": "http://packetstormsecurity.com/files/129262/TRENDnet-SecurView-Wireless-Network-Camera-TV-IP422WN-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129262/TRENDnet-SecurView-Wireless-Network-Camera-TV-IP422WN-Buffer-Overflow.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-10011",
"datePublished": "2015-01-13T11:00:00",
"dateReserved": "2015-01-13T00:00:00",
"dateUpdated": "2024-08-06T14:02:38.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}