Vulnerabilities > CVE-2018-3938 - Out-of-bounds Write vulnerability in Sony products

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
sony
CWE-787
critical
NVD
Published: 2018-08-14
Updated: 2022-04-19

Summary

An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability.

Vulnerable Configurations

Part Description Count
OS
Sony
14
Hardware
Sony
14

Common Weakness Enumeration (CWE)

Talos

idTALOS-2018-0605
last seen2019-05-29
published2018-07-20
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605
titleSony IPELA E Series Camera 802dot1xclientcert remote code execution vulnerability

References