Lucene search

K
cveMitreCVE-2020-26762
HistoryDec 01, 2020 - 3:15 p.m.

CVE-2020-26762

2020-12-0115:15:12
CWE-787
mitre
web.nvd.nist.gov
54
cve-2020-26762
buffer-overflow
remote-code-execution
edimax ip-camera
ic-3116w
ic-3140w
nvd
security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.004

Percentile

74.6%

A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted GET-Request. The overflow occurs in binary ipcam_cgi due to a missing type check in function doGetSysteminfo(). This has been fixed in version: IC-3116W v3.08.

Affected configurations

Nvd
Node
edimaxic-3116wMatch-
AND
edimaxic-3116w_firmwareMatch3.06
Node
edimaxic-3140wMatch-
AND
edimaxic-3140w_firmwareMatch3.07
VendorProductVersionCPE
edimaxic-3116w-cpe:2.3:h:edimax:ic-3116w:-:*:*:*:*:*:*:*
edimaxic-3116w_firmware3.06cpe:2.3:o:edimax:ic-3116w_firmware:3.06:*:*:*:*:*:*:*
edimaxic-3140w-cpe:2.3:h:edimax:ic-3140w:-:*:*:*:*:*:*:*
edimaxic-3140w_firmware3.07cpe:2.3:o:edimax:ic-3140w_firmware:3.07:*:*:*:*:*:*:*

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.004

Percentile

74.6%

Related for CVE-2020-26762