| Title | Sricam IP CCTV Camera - Device Viewer - Add User Stack-based Memory Corruption |
|---|
| Description | It was found that Sricam Device Viewer, a device management interface for IP CCTV Cameras by Sricam, is vulnerable to a stack-based memory corruption. A stack-based memory corruption, buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. This vulnerability could be exploited to trigger a denial-of-service condition, or to execute arbitrary code, eventually achieving a local privilege escalation.
Affected by the functionality is the field "username" of the add-user functionality. The manipulation of the user parameter with a crafted payload leads to the possibility to overwrite arbitrary memmory locations, and can lead to code execution on the underlying server. The CWE definition for the vulnerability is CWE-121. As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was discovered during October 2019 by Alessandro Magnosi and it is uniquely identified as CVE-2020-XXXX. The exploitability is told to be non-trivial. It is possible to launch the attack locally. A single authentication is necessary for exploitation. Technical details are known, and a public exploit has been developed by Alessandro Magnosi (d3adc0de) and released to the public. |
|---|
| Source | ⚠️ https://www.exploit-db.com/exploits/47477 |
|---|
| User | Anonymous User |
|---|
| Submission | 04/05/2020 00:17 (6 years ago) |
|---|
| Moderation | 08/10/2020 10:51 (4 months later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 159431 [Sricam IP CCTV Camera Device Viewer stack-based overflow] |
|---|
| Points | 20 |
|---|