CVE-2019-11417

2019-04-2120:09:41

mitre

www.cve.org

AI Score

9.8

Confidence

High

EPSS

0.003

Percentile

65.1%

JSON

system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build 28, 64, 65, and 68.

References

github.com/zyw-200/IOTFuzzer/blob/master/Trendnet_response.png