Buffer Overflow Vulnerability in TRENDnet IP Cameras
CVE-2019-11417

9.8CRITICAL

Key Information:

Vendor: Trendnet
Status: Tv-ip110wn Firmware
Vendor: CVE Published:; 22 April 2019

What is CVE-2019-11417?

The TRENDnet TV-IP110WN cameras exhibit a buffer overflow vulnerability in the system.cgi file due to insufficient validation of source length before executing a strcpy operation within the respondAsp function. Attackers can exploit this flaw by manipulating the languse parameter with lengthy input strings, potentially leading to unauthorized access or execution of arbitrary code. Affected versions include 1.2.2 build 28, 64, 65, and 68, emphasizing the need for immediate security measures.

References

https://github.com/zyw-200/IOTFuzzer/blob/master/Trendnet...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2019
Vulnerability Reserved
Apr 21, 2019