Lucene search

[email protected]NVD:CVE-2020-15744

HistoryAug 30, 2021 - 10:15 a.m.

CVE-2020-15744

2021-08-3010:15:15

CWE-121

CWE-787

[email protected]

web.nvd.nist.gov

cve-2020-15744

buffer overflow

victure pc420

onvif server

remote code execution

firmware 1.2.2.

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.8%

JSON

Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versions.

Affected configurations

Nvd

Node

govicturepc420Match-

AND

govicturepc420_firmwareRange≤1.2.2

VendorProductVersionCPE
govicturepc420-cpe:2.3:h:govicture:pc420:-:*:*:*:*:*:*:*
govicturepc420_firmware*cpe:2.3:o:govicture:pc420_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
govicture	pc420	-	cpe:2.3:h:govicture:pc420:-:::::::*
govicture	pc420_firmware	*	cpe:2.3:o:govicture:pc420_firmware::::::::

References

www.bitdefender.com/blog/labs/cracking-the-victure-pc420-camera

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.8%

JSON

Related for NVD:CVE-2020-15744

cvelist1 prion1 cve1