Vulnerability Details : CVE-2014-1201
Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.
Vulnerability category: Overflow, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-1201
Probability of exploitation activity in the next 30 days: 69.54%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 %
CVSS scores for CVE-2014-1201
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
CWE ids for CVE-2014-1201
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1201
- https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90223 (Lorex Technologies ActiveX control buffer overflow CVE-2014-1201 Vulnerability Report)
- http://www.securityfocus.com/archive/1/530739/100/0/threaded (SecurityFocus)
- https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt
Products affected by CVE-2014-1201
- cpe:2.3:a:lorex_technology:edge_lh310_firmware:7-35-28-1b26e:*:*:*:*:*:*:*
- cpe:2.3:a:lorex_technology:edge2_lh330_firmware:11.17.38-33_1d97a:*:*:*:*:*:*:*
- cpe:2.3:a:lorex_technology:edge3_lh340_firmware:11.19.85_1fe3a:*:*:*:*:*:*:*
- cpe:2.3:a:lorex_technology:edge\+_lh320_firmware:7-35-28-1b26e:*:*:*:*:*:*:*
- cpe:2.3:h:lorextechnology:edge:lh310:*:*:*:*:*:*:*
- cpe:2.3:h:lorextechnology:edge3:lh340:*:*:*:*:*:*:*
- cpe:2.3:h:lorextechnology:edge2:lh330:*:*:*:*:*:*:*
- cpe:2.3:h:lorextechnology:edge\+:lh320:*:*:*:*:*:*:*