Submit #160: Sricam IP CCTV Camera - Device Viewer - Change Password Stack-based Memory Corruption (info)

Title: Sricam IP CCTV Camera - Device Viewer - Change Password Stack-based Memory Corruption
Description: It was found that Sricam Device Viewer, a device management interface for IP CCTV Cameras by Sricam, is vulnerable to a stack-based memory corruption. A stack-based memory corruption, buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. This vulnerability could be exploited to trigger a denial-of-service condition, execute arbitrary code, or alter the original flow of the program, causing unexpected behaviours. Affected by the vulnerability is the field "old password" of the change-password functionality. The manipulation of the password parameter with a crafted payload makes it possible to alter the flow of the program and to change the current user password to a new one, without possessing the old password. The CWE definition for the vulnerability is CWE-121. As an impact it is known to affect confidentiality, integrity, and availability.
User: Anonymous User
Submission: 05/04/2020 00h18 (6 years ago)
Moderation: 10/08/2020 10h52 (4 months later)
Status: Accepted
VulDB Entry: 159432 [Sricam IP CCTV Camera Device Viewer buffer overflow]
Points: 17