Remote Stack-Based Buffer Overflow in Vivotek SD9364 Security Camera
CVE-2024-7441

9.8 CRITICAL

Key Information:

Vendor: Vivotek
CVE Published: 3 August 2024

What is CVE-2024-7441?

A significant stack-based buffer overflow vulnerability exists in the httpd component of the Vivotek SD9364 camera. By manipulating the Content-Length argument, an attacker can trigger the overflow, which may enable remote code execution. The vulnerability is particularly concerning because the affected product is no longer supported, so users remain exposed to exploitation. The exploit has been publicly disclosed, which increases the urgency for affected users to take precautions. The vendor has acknowledged that the affected version is classified as end-of-life, so users should assess their security posture and consider upgrading their systems to maintain protection.
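As an added illustration of the bug class described above (not Vivotek's firmware code, whose internals this page does not show), the following C sketch shows the checks an HTTP server needs before a Content-Length value is allowed to govern a copy into a fixed-size stack buffer. The function names and the 256-byte buffer size are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Strictly parse a Content-Length value: decimal digits only, at most `max`.
 * Returns 0 and stores the length in *out, or -1 if the value is rejected. */
int parse_content_length(const char *value, size_t max, size_t *out)
{
    if (value == NULL) return -1;
    /* strtoull() alone accepts "-1", "+5" and " 7"; require pure digits first.
     * At most 10 digits also guarantees the conversion cannot overflow. */
    size_t digits = strspn(value, "0123456789");
    if (digits == 0 || digits > 10 || value[digits] != '\0') return -1;
    unsigned long long n = strtoull(value, NULL, 10);
    if (n > max) return -1;
    *out = (size_t)n;
    return 0;
}

/* Copy a body into a fixed-size buffer only if the declared length fits the
 * buffer and does not exceed the bytes actually received. */
int copy_body(char *dst, size_t dst_size, const char *cl_value,
              const char *body, size_t body_avail, size_t *copied)
{
    size_t declared;
    if (dst_size == 0 ||
        parse_content_length(cl_value, dst_size - 1, &declared) != 0)
        return -1;                 /* malformed or larger than the buffer */
    if (declared > body_avail)
        return -1;                 /* header claims more than was received */
    memcpy(dst, body, declared);
    dst[declared] = '\0';
    *copied = declared;
    return 0;
}

/* Hypothetical handler with a 256-byte stack buffer (size is an assumption). */
int handle_request(const char *cl_value, const char *body, size_t body_avail)
{
    char buf[256];
    size_t n = 0;
    if (copy_body(buf, sizeof buf, cl_value, body, body_avail, &n) != 0)
        return -1;                 /* a real server would answer 400 or 413 */
    return (int)n;
}

int main(void)
{   /* Constructed inputs: the first is accepted, the second is rejected. */
    printf("%d %d\n", handle_request("5", "hello", 5), handle_request("4096", "x", 1));
    return 0;
}
```

The key property is that the destination buffer's size, not the request, sets the upper bound, and that the declared length is also checked against the bytes actually received.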

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published