14 matches found
(Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sonia module. The issue results from the lack of...
Dahua Security Cameras Stack-based Buffer Overflow (CVE-2017-3223)
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia /usr/bin/sonia that provides the web interface and oth...
soniaaureacakes.com Cross Site Scripting vulnerability OBB-3906768
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
soniatapiaphotography.com Cross Site Scripting vulnerability OBB-3657088
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2017-8230
On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" group and who has access to login in to the web administrativ...
CVE-2017-8226
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a...
CVE-2017-3223
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia /usr/bin/sonia that provides the web interface and oth...
Stack overflow
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia /usr/bin/sonia that provides the web interface and oth...
CVE-2017-3223
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia /usr/bin/sonia that provides the web interface and oth...
CVE-2017-3223 Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia /usr/bin/sonia that provides the web interface and oth...
EUVD-2017-12344
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia /usr/bin/sonia that provides the web interface and oth...
CVE-2017-3223
CVE-2017-3223 affects Dahua IP cameras via the Sonia web interface (/usr/bin/sonia). Older firmware (pre V2.400.0000.14.R.20170713) does not validate input length for the password field, enabling a remote, unauthenticated attacker to send crafted POST requests that may trigger out-of-bounds memor...
The vulnerability of the web interface of the Sonia (/user/bin/sonia) application, a micro-programmed software for Dahua IP cameras, allows a intruder to trigger a service failure or execute arbitrary code.
The vulnerability of the web interface of the Sonia /user/bin/sonia application, a microprogramming-based IP camera from Dahua, arises due to operations that go beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure operations beyond memory...
Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow
Overview Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Description CWE-121: Stack-based Buffer Overflow - CVE-2017-3223Dahua IP camera products include an...