Buffer Overflow Vulnerability in Edimax IP-Camera Models
CVE-2020-26762

9.8CRITICAL

Key Information:

Vendor: Edimax
Status: Ic-3116w Firmware
Vendor: CVE Published:; 1 December 2020

What is CVE-2020-26762?

A stack-based buffer overflow vulnerability has been identified in the Edimax IP-Camera models IC-3116W (v3.06) and IC-3140W (v3.07). This flaw allows an unauthorized, unauthenticated attacker to execute arbitrary code remotely by sending a specially crafted GET request. The vulnerability is rooted in the absence of a type check in the doGetSysteminfo() function within the ipcam_cgi binary. Users are advised to upgrade to IC-3116W version 3.08 to mitigate this risk.

References

https://www.edimax.com/edimax/download/download/data/edim...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 1, 2020
Vulnerability Reserved
Oct 7, 2020