CVE-2018-8072 - OpenCVE

An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Edimax	Ic-5150w Firmware Ic-3140w Ic-3140w Firmware Ic-6220dc Ic-5150w Ic-6220dc Firmware

Configuration 1 [-]

AND

cpe:2.3:o:edimax:ic-3140w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:edimax:ic-3140w:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:edimax:ic-5150w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:edimax:ic-5150w:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:edimax:ic-6220dc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:edimax:ic-6220dc:-:*:*:*:*:*:*:*

References

Link	Resource
https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt	Exploit Third Party Advisory
https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf	Exploit Technical Description Third Party Advisory
https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w	Patch Product Vendor Advisory
https://www.nemux.org/2018/04/24/cve-2018-8072/	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-04-26T15:00:00

Updated: 2018-04-26T14:57:02

Reserved: 2018-03-12T00:00:00

Link: CVE-2018-8072

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-04-26T15:29:00.477

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-8072

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-26T14:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-8072", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf", "refsource": "MISC", "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf"}, {"name": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt", "refsource": "MISC", "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt"}, {"name": "https://www.nemux.org/2018/04/24/cve-2018-8072/", "refsource": "MISC", "url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"}, {"name": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w", "refsource": "CONFIRM", "url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-8072", "datePublished": "2018-04-26T15:00:00", "dateReserved": "2018-03-12T00:00:00", "dateUpdated": "2018-04-26T14:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:edimax:ic-3140w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7903DE01-E270-4F73-A407-88BC0EDDF542", "versionEndIncluding": "3.06", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:edimax:ic-3140w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4263A638-4D3D-4546-965F-F691B8CF05CC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:edimax:ic-5150w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAF33E6B-EC34-4B90-8AB1-903744B73426", "versionEndIncluding": "3.09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:edimax:ic-5150w:-:*:*:*:*:*:*:*", "matchCriteriaId": "A937B4AF-E205-48D9-88B7-3C05663A9EAC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:edimax:ic-6220dc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F2EADA6-DCA2-4C19-AB4B-1AAA97F727D1", "versionEndIncluding": "3.06", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:edimax:ic-6220dc:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BA5385F-73AF-4765-8D1A-FD4EAF62A6B1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad en los dispositivos EDIMAX IC-3140W hasta la versi\u00f3n 3.06, IC-5150W hasta la 3.09 e IC-6220DC hasta la 3.06. El binario ipcam_cgi contiene un desbordamiento de b\u00fafer basado en pila que es posible desencadenar desde una petici\u00f3n HTTP remota no autenticada /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE. Si la longitud de VALUE_HERE es mayor que 0x400 (1024), es posible sobrescribir otros valores localizados en la pila debido a un uso incorrecto de la funci\u00f3n strcpy()."}], "id": "CVE-2018-8072", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-26T15:29:00.477", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf"}, {"source": "cve@mitre.org", "tags": ["Patch", "Product", "Vendor Advisory"], "url": "https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.nemux.org/2018/04/24/cve-2018-8072/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}