Search
Find a vulnerability
Search criteria
4 vulnerabilities found for ic-5150w_firmware by edimax
CVE-2024-7616 (GCVE-0-2024-7616)
Vulnerability from nvd – Published: 2024-08-08 23:00 – Updated: 2024-08-09 17:20
VLAI
Title
Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection
Summary
A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
5.5 (Medium)
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-77 - Command Injection
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.273986 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.273986 | signaturepermissions-required |
| https://vuldb.com/?submit.383845 | third-party-advisory |
| https://yjz233.notion.site/edimax-IC-6220DC-has-c… | broken-link |
| https://yjz233.notion.site/edimax-IC-5150W-has-co… | broken-link |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T15:03:06.289927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T17:20:00.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IC-6220DC",
"vendor": "Edimax",
"versions": [
{
"status": "affected",
"version": "3.06"
}
]
},
{
"product": "IC-5150W",
"vendor": "Edimax",
"versions": [
{
"status": "affected",
"version": "3.06"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jylsec (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Edimax IC-6220DC and IC-5150W bis 3.06 ausgemacht. Es geht hierbei um die Funktion cgiFormString der Datei ipcam_cgi. Durch das Beeinflussen des Arguments host mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T23:00:06.211Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273986 | Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273986"
},
{
"name": "VDB-273986 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273986"
},
{
"name": "Submit #383845 | edimax IC-6220DC 3.06 command injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.383845"
},
{
"tags": [
"broken-link"
],
"url": "https://yjz233.notion.site/edimax-IC-6220DC-has-command-injection-vulnerability-in-ipcam_cgi-2029d67721f2473b8cfce5e286a70307?pvs=4"
},
{
"tags": [
"broken-link"
],
"url": "https://yjz233.notion.site/edimax-IC-5150W-has-command-injection-vulnerability-in-ipcam_cgi-cc72c7b7e2f24ba6a6609b6fcf78df34"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-08T16:42:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7616",
"datePublished": "2024-08-08T23:00:06.211Z",
"dateReserved": "2024-08-08T14:36:13.737Z",
"dateUpdated": "2024-08-09T17:20:00.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8072 (GCVE-0-2018-8072)
Vulnerability from nvd – Published: 2018-04-26 15:00 – Updated: 2024-08-05 06:46
VLAI
Summary
An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://gitlab.com/nemux/CVE-2018-8072/blob/maste… | x_refsource_MISC |
| https://gitlab.com/nemux/CVE-2018-8072/blob/maste… | x_refsource_MISC |
| https://www.nemux.org/2018/04/24/cve-2018-8072/ | x_refsource_MISC |
| https://www.edimax.com/edimax/download/download/d… | x_refsource_CONFIRM |
Date Public
2018-04-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:12.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-26T14:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf",
"refsource": "MISC",
"url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf"
},
{
"name": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt",
"refsource": "MISC",
"url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt"
},
{
"name": "https://www.nemux.org/2018/04/24/cve-2018-8072/",
"refsource": "MISC",
"url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"
},
{
"name": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w",
"refsource": "CONFIRM",
"url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8072",
"datePublished": "2018-04-26T15:00:00.000Z",
"dateReserved": "2018-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:46:12.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7616 (GCVE-0-2024-7616)
Vulnerability from cvelistv5 – Published: 2024-08-08 23:00 – Updated: 2024-08-09 17:20
VLAI
Title
Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection
Summary
A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
5.5 (Medium)
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-77 - Command Injection
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.273986 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.273986 | signaturepermissions-required |
| https://vuldb.com/?submit.383845 | third-party-advisory |
| https://yjz233.notion.site/edimax-IC-6220DC-has-c… | broken-link |
| https://yjz233.notion.site/edimax-IC-5150W-has-co… | broken-link |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T15:03:06.289927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T17:20:00.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IC-6220DC",
"vendor": "Edimax",
"versions": [
{
"status": "affected",
"version": "3.06"
}
]
},
{
"product": "IC-5150W",
"vendor": "Edimax",
"versions": [
{
"status": "affected",
"version": "3.06"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jylsec (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Edimax IC-6220DC and IC-5150W bis 3.06 ausgemacht. Es geht hierbei um die Funktion cgiFormString der Datei ipcam_cgi. Durch das Beeinflussen des Arguments host mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T23:00:06.211Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273986 | Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273986"
},
{
"name": "VDB-273986 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273986"
},
{
"name": "Submit #383845 | edimax IC-6220DC 3.06 command injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.383845"
},
{
"tags": [
"broken-link"
],
"url": "https://yjz233.notion.site/edimax-IC-6220DC-has-command-injection-vulnerability-in-ipcam_cgi-2029d67721f2473b8cfce5e286a70307?pvs=4"
},
{
"tags": [
"broken-link"
],
"url": "https://yjz233.notion.site/edimax-IC-5150W-has-command-injection-vulnerability-in-ipcam_cgi-cc72c7b7e2f24ba6a6609b6fcf78df34"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-08T16:42:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7616",
"datePublished": "2024-08-08T23:00:06.211Z",
"dateReserved": "2024-08-08T14:36:13.737Z",
"dateUpdated": "2024-08-09T17:20:00.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8072 (GCVE-0-2018-8072)
Vulnerability from cvelistv5 – Published: 2018-04-26 15:00 – Updated: 2024-08-05 06:46
VLAI
Summary
An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://gitlab.com/nemux/CVE-2018-8072/blob/maste… | x_refsource_MISC |
| https://gitlab.com/nemux/CVE-2018-8072/blob/maste… | x_refsource_MISC |
| https://www.nemux.org/2018/04/24/cve-2018-8072/ | x_refsource_MISC |
| https://www.edimax.com/edimax/download/download/d… | x_refsource_CONFIRM |
Date Public
2018-04-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:12.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-26T14:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf",
"refsource": "MISC",
"url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf"
},
{
"name": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt",
"refsource": "MISC",
"url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt"
},
{
"name": "https://www.nemux.org/2018/04/24/cve-2018-8072/",
"refsource": "MISC",
"url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"
},
{
"name": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w",
"refsource": "CONFIRM",
"url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8072",
"datePublished": "2018-04-26T15:00:00.000Z",
"dateReserved": "2018-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:46:12.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}