|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-04-01 | |
| Rule Name: | Lorex LH300 Series ActiveX Buffer Overflow Vulnerability (CVE-2014-1201) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter. | |
| Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks includes arbitrary code execution and denial of service. | |
| Affected OS: | Network Device | |
| Reference: | http://www.securityfocus.com/archive/1/530739/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/90223 https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: http://www.lorextechnology.com/ |