|
|||
Rule General Information |
---|
Release Date: | 2021-04-01 | |
Rule Name: | Lorex LH300 Series ActiveX Buffer Overflow Vulnerability (CVE-2014-1201) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter. | |
Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks includes arbitrary code execution and denial of service. | |
Affected OS: | Network Device | |
Reference: | http://www.securityfocus.com/archive/1/530739/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/90223 https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html |
|
Solutions |
---|
The vendor has released upgrade patches to fix vulnerabilities, please visit: http://www.lorextechnology.com/ |