Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for ic-5150w_firmware by edimax

    CVE-2024-7616 (GCVE-0-2024-7616)

    Vulnerability from nvd – Published: 2024-08-08 23:00 – Updated: 2024-08-09 17:20
    VLAI
    Title
    Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection
    Summary
    A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    jylsec (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7616",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T15:03:06.289927Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-09T17:20:00.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IC-6220DC",
              "vendor": "Edimax",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.06"
                }
              ]
            },
            {
              "product": "IC-5150W",
              "vendor": "Edimax",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.06"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "jylsec (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Edimax IC-6220DC and IC-5150W bis 3.06 ausgemacht. Es geht hierbei um die Funktion cgiFormString der Datei ipcam_cgi. Durch das Beeinflussen des Arguments host mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.2,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-08T23:00:06.211Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-273986 | Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.273986"
            },
            {
              "name": "VDB-273986 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.273986"
            },
            {
              "name": "Submit #383845 | edimax IC-6220DC 3.06 command injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.383845"
            },
            {
              "tags": [
                "broken-link"
              ],
              "url": "https://yjz233.notion.site/edimax-IC-6220DC-has-command-injection-vulnerability-in-ipcam_cgi-2029d67721f2473b8cfce5e286a70307?pvs=4"
            },
            {
              "tags": [
                "broken-link"
              ],
              "url": "https://yjz233.notion.site/edimax-IC-5150W-has-command-injection-vulnerability-in-ipcam_cgi-cc72c7b7e2f24ba6a6609b6fcf78df34"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-08T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-08-08T16:42:20.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7616",
        "datePublished": "2024-08-08T23:00:06.211Z",
        "dateReserved": "2024-08-08T14:36:13.737Z",
        "dateUpdated": "2024-08-09T17:20:00.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8072 (GCVE-0-2018-8072)

    Vulnerability from nvd – Published: 2018-04-26 15:00 – Updated: 2024-08-05 06:46
    VLAI
    Summary
    An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:46:12.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-26T14:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-8072",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf"
                },
                {
                  "name": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt"
                },
                {
                  "name": "https://www.nemux.org/2018/04/24/cve-2018-8072/",
                  "refsource": "MISC",
                  "url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"
                },
                {
                  "name": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w",
                  "refsource": "CONFIRM",
                  "url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-8072",
        "datePublished": "2018-04-26T15:00:00.000Z",
        "dateReserved": "2018-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:46:12.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7616 (GCVE-0-2024-7616)

    Vulnerability from cvelistv5 – Published: 2024-08-08 23:00 – Updated: 2024-08-09 17:20
    VLAI
    Title
    Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection
    Summary
    A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    jylsec (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7616",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T15:03:06.289927Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-09T17:20:00.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IC-6220DC",
              "vendor": "Edimax",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.06"
                }
              ]
            },
            {
              "product": "IC-5150W",
              "vendor": "Edimax",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.06"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "jylsec (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Edimax IC-6220DC and IC-5150W bis 3.06 ausgemacht. Es geht hierbei um die Funktion cgiFormString der Datei ipcam_cgi. Durch das Beeinflussen des Arguments host mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.2,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-08T23:00:06.211Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-273986 | Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.273986"
            },
            {
              "name": "VDB-273986 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.273986"
            },
            {
              "name": "Submit #383845 | edimax IC-6220DC 3.06 command injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.383845"
            },
            {
              "tags": [
                "broken-link"
              ],
              "url": "https://yjz233.notion.site/edimax-IC-6220DC-has-command-injection-vulnerability-in-ipcam_cgi-2029d67721f2473b8cfce5e286a70307?pvs=4"
            },
            {
              "tags": [
                "broken-link"
              ],
              "url": "https://yjz233.notion.site/edimax-IC-5150W-has-command-injection-vulnerability-in-ipcam_cgi-cc72c7b7e2f24ba6a6609b6fcf78df34"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-08T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-08-08T16:42:20.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7616",
        "datePublished": "2024-08-08T23:00:06.211Z",
        "dateReserved": "2024-08-08T14:36:13.737Z",
        "dateUpdated": "2024-08-09T17:20:00.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8072 (GCVE-0-2018-8072)

    Vulnerability from cvelistv5 – Published: 2018-04-26 15:00 – Updated: 2024-08-05 06:46
    VLAI
    Summary
    An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:46:12.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-26T14:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-8072",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf"
                },
                {
                  "name": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt"
                },
                {
                  "name": "https://www.nemux.org/2018/04/24/cve-2018-8072/",
                  "refsource": "MISC",
                  "url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"
                },
                {
                  "name": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w",
                  "refsource": "CONFIRM",
                  "url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-8072",
        "datePublished": "2018-04-26T15:00:00.000Z",
        "dateReserved": "2018-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:46:12.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }