Required CVE Record Information
Description
Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.
References 5 Total
- securityfocus.com: 20140110 [CVE -2014-1201] Lorex security DVR ActiveX control buffer overflow mailing-list
- https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html
- https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt
- exchange.xforce.ibmcloud.com: lorex-cve20141201-bo(90223) vdb-entry
- osvdb.org: 101903 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- securityfocus.com: 20140110 [CVE -2014-1201] Lorex security DVR ActiveX control buffer overflow mailing-listx_transferred
- https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html x_transferred
- https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt x_transferred
- exchange.xforce.ibmcloud.com: lorex-cve20141201-bo(90223) vdb-entryx_transferred
- osvdb.org: 101903 vdb-entryx_transferred