CVE-2018-14496 - Out-of-bounds Write vulnerability in Vivotek Fd8136 Firmware 0301A
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other effect on its performance.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 1 |
Hardware | | 1 |
Common Weakness Enumeration (CWE)
References
- https://www.vdalabs.com/2018/07/23/professional-iot-hacking-series-target-selection-firmware-analysis/
- https://www.vdalabs.com/2018/11/29/professional-iot-hacking-series-hunting-remote-memory-corruption/