History: Jan 09, 2024 - 9:15 a.m.

CVE-2023-49236

2024-01-09 09:15:42
CWE-787
mitre
web.nvd.nist.gov
14
cve-2023-49236
trendnet
tv-ip1314pi
stack-based buffer overflow
arbitrary command execution
nvd
security
vulnerability
rtsp
davinci

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.8
Confidence: High

EPSS: 0.002
Percentile: 52.0%

A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of a lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci.

Affected configurations

Nvd
Node
trendnet tv-ip1314pi_firmware Match 5.5.3 200714
AND
trendnet tv-ip1314pi Match -

Vendor | Product | Version | CPE
trendnet | tv-ip1314pi_firmware | 5.5.3 | cpe:2.3:o:trendnet:tv-ip1314pi_firmware:5.5.3:200714:*:*:*:*:*:*
trendnet | tv-ip1314pi | - | cpe:2.3:h:trendnet:tv-ip1314pi:-:*:*:*:*:*:*:*
