Lucene search

[email protected]CVE-2013-4977

HistoryMar 03, 2014 - 4:55 p.m.

CVE-2013-4977

2014-03-0316:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2013-4977

buffer overflow

hikvision

ds-2cd7153-e

ip camera

rtsp

denial of service

remote code execution

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.096 Low

EPSS

Percentile

94.7%

JSON

Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service (device crash and reboot) and possibly execute arbitrary code via a long string in the Range header field in an RTSP transaction.

CPENameOperatorVersion
hikvision:ds-2cd7153-e_firmwarehikvision ds-2cd7153-e firmwareeq4.1.0_b130111
hikvision:ds-2cd7153-ehikvision ds-2cd7153-eeq-

CPE	Name	Operator	Version
hikvision:ds-2cd7153-e_firmware	hikvision ds-2cd7153-e firmware	eq	4.1.0_b130111
hikvision:ds-2cd7153-e	hikvision ds-2cd7153-e	eq	-

References

archives.neohapsis.com/archives/bugtraq/2013-08/0046.html

packetstormsecurity.com/files/122718/Hikvision-IP-Cameras-Overflow-Bypass-Privilege-Escalation.html

www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities

www.securityfocus.com/bid/61642

exchange.xforce.ibmcloud.com/vulnerabilities/86292

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.096 Low

EPSS

Percentile

94.7%

JSON

Related for CVE-2013-4977

prion1 exploitpack1 securityvulns2 coresecurity1 zdt1 packetstorm1 exploitdb1