NVD

Id
29901  
Name
CVE-2014-1201  
Description
Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2014-01-15  
Modified Date
2014-04-22  
Seq
2014-1201  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
157651 29901 CVE-2014-1201 20140110 [CVE -2014-1201] Lorex security DVR ActiveX control buffer overflow  View
157652 29901 CVE-2014-1201 lorex-cve20141201-bo(90223)  View
157653 29901 CVE-2014-1201 https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt  View
157654 29901 CVE-2014-1201 https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
12302 JVNDB-2014-001177 複数の Lorex Edge 製品のファームウェアの INetViewX ActiveX コントロールにおけるバッファオーバーフローの脆弱性 Lorex Edge LH310、Edge+ LH320、Edge2 LH330、および Edge3 LH340 シリーズのファームウェアの INetViewX ActiveX コントロールには、バッファオーバーフローの脆弱性が存在します。 CVE-2014-1201 68487 CVE-2014-1201 29901 10 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-001177.html 2014-01-09 2014-01-20 View