Search...

CVE-2008-5674

2008-12-19T01:52:00

ID CVE-2008-5674
Type cve
Reporter cve@mitre.org
Modified 2018-10-11T20:56:00

Description

Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component.

JSON Vulners Source

Initial Source

{"id": "CVE-2008-5674", "bulletinFamily": "NVD", "title": "CVE-2008-5674", "description": "Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component.", "published": "2008-12-19T01:52:00", "modified": "2018-10-11T20:56:00", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5674", "reporter": "cve@mitre.org", "references": ["http://secunia.com/advisories/29007", "http://www.securityfocus.com/archive/1/488364/100/200/threaded", "http://osvdb.org/42929", "http://aluigi.altervista.org/adv/webcamxp-adv.txt", "http://www.securityfocus.com/bid/27875", "http://www.osvdb.org/42927", "http://securityreason.com/securityalert/4788", "http://www.osvdb.org/42928"], "cvelist": ["CVE-2008-5674"], "type": "cve", "lastseen": "2020-12-09T19:28:27", "edition": 5, "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:31234", "EDB-ID:31233"]}], "modified": "2020-12-09T19:28:27", "rev": 2}, "score": {"value": 4.8, "vector": "NONE", "modified": "2020-12-09T19:28:27", "rev": 2}, "vulnersScore": 4.8}, "cpe": ["cpe:/a:darkwet:webcam_xp:3.72", "cpe:/a:darkwet:webcam_xp:3.72.440.0", "cpe:/a:darkwet:webcam_xp:1.02.432", "cpe:/a:darkwet:webcam_xp:1.02.535", "cpe:/a:darkwet:webcam_xp:2.20", "cpe:/a:darkwet:webcam_xp:1.6.945"], "affectedSoftware": [{"cpeName": "darkwet:webcam_xp", "name": "darkwet webcam xp", "operator": "eq", "version": "1.02.432"}, {"cpeName": "darkwet:webcam_xp", "name": "darkwet webcam xp", "operator": "le", "version": "3.72.440.0"}, {"cpeName": "darkwet:webcam_xp", "name": "darkwet webcam xp", "operator": "eq", "version": "2.20"}, {"cpeName": "darkwet:webcam_xp", "name": "darkwet webcam xp", "operator": "eq", "version": "1.02.535"}, {"cpeName": "darkwet:webcam_xp", "name": "darkwet webcam xp", "operator": "eq", "version": "3.72"}, {"cpeName": "darkwet:webcam_xp", "name": "darkwet webcam xp", "operator": "eq", "version": "1.6.945"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.4, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:darkwet:webcam_xp:1.02.535:*:*:*:*:*:*:*", "cpe:2.3:a:darkwet:webcam_xp:3.72:*:*:*:*:*:*:*", "cpe:2.3:a:darkwet:webcam_xp:2.20:*:*:*:*:*:*:*", "cpe:2.3:a:darkwet:webcam_xp:1.6.945:*:*:*:*:*:*:*", "cpe:2.3:a:darkwet:webcam_xp:1.02.432:*:*:*:*:*:*:*", "cpe:2.3:a:darkwet:webcam_xp:3.72.440.0:*:*:*:*:*:*:*"], "cwe": ["CWE-20"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:darkwet:webcam_xp:1.02.432:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:darkwet:webcam_xp:1.02.535:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:darkwet:webcam_xp:1.6.945:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:darkwet:webcam_xp:2.20:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:darkwet:webcam_xp:3.72:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:darkwet:webcam_xp:3.72.440.0:*:*:*:*:*:*:*", "versionEndIncluding": "3.72.440.0", "vulnerable": true}], "operator": "OR"}]}}

{"exploitdb": [{"lastseen": "2016-02-03T14:10:22", "description": "WebcamXP 3.72.440/4.05.280 beta /show_gallery_pic id Variable Arbitrary Memory Disclosure. CVE-2008-5674. Webapps exploits for multiple platform", "published": "2008-02-18T00:00:00", "type": "exploitdb", "title": "WebcamXP 3.72.440/4.05.280 beta /show_gallery_pic id Variable Arbitrary Memory Disclosure", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5674"], "modified": "2008-02-18T00:00:00", "id": "EDB-ID:31234", "href": "https://www.exploit-db.com/exploits/31234/", "sourceData": "source: http://www.securityfocus.com/bid/27875/info\r\n \r\nwebcamXP is prone to multiple information-disclosure and denial-of-service vulnerabilities because it fails to check user-supplied input data.\r\n \r\nAttackers can exploit these issues to access potentially sensitive information or crash the application. Successful exploits could aid in further attacks or deny service to legitimate users.\r\n \r\nThese issues affect webcamXP 3.72.440 and 4.05.280 beta and prior versions.\r\n\r\nhttp://www.example.com:8080/show_gallery_pic?id=999999 ", "cvss": {"score": 9.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/31234/"}, {"lastseen": "2016-02-03T14:10:14", "description": "WebcamXP 3.72.440/4.05.280 beta /pocketpc camnum Variable Arbitrary Memory Disclosure. CVE-2008-5674 . Webapps exploits for multiple platform", "published": "2008-02-18T00:00:00", "type": "exploitdb", "title": "WebcamXP 3.72.440/4.05.280 beta /pocketpc camnum Variable Arbitrary Memory Disclosure", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5674"], "modified": "2008-02-18T00:00:00", "id": "EDB-ID:31233", "href": "https://www.exploit-db.com/exploits/31233/", "sourceData": "source: http://www.securityfocus.com/bid/27875/info\r\n\r\nwebcamXP is prone to multiple information-disclosure and denial-of-service vulnerabilities because it fails to check user-supplied input data.\r\n\r\nAttackers can exploit these issues to access potentially sensitive information or crash the application. Successful exploits could aid in further attacks or deny service to legitimate users.\r\n\r\nThese issues affect webcamXP 3.72.440 and 4.05.280 beta and prior versions.\r\n\r\nhttp://www.example.com:8080/pocketpc?camnum=999999&mode=0\r\nhttp://www.example.com:8080/pocketpc?camnum=-999999&mode=0", "cvss": {"score": 9.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/31233/"}]}