CVE-2018-3938 - An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functi

CVE-2018-3938

Summary

An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability.

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605

Vulnerable Configurations

cpe:2.3:o:sony:snc-eb600_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-eb600_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-eb600:-:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-eb600:-:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-eb630_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-eb630_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-eb630:-:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-eb630:-:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-eb600b_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-eb600b_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-eb600b:-:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-eb600b:-:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-eb630b_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-eb630b_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-eb630b:-:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-eb630b:-:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-eb602r_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-eb602r_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-eb602r:-:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-eb602r:-:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-eb632r_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-eb632r_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-eb632r:-:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-eb632r:-:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em600_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em600_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em600:-:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em600:-:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em601_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em601_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em601:-:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em601:-:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em630_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em630_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em630:-:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em630:-:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em631_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em631_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em631:-:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em631:-:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em602r_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em602r_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em602r:-:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em602r:-:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em632r_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em632r_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em632r:-:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em632r:-:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em602rc_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em602rc_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em602rc:-:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em602rc:-:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em632rc_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:o:sony:snc-em632rc_firmware:1.87.00:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em632rc:-:*:*:*:*:*:*:*
cpe:2.3:h:sony:snc-em632rc:-:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 19-04-2022 - 18:15)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

misc

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605

Last major update

19-04-2022 - 18:15

Published

14-08-2018 - 19:29

Last modified

19-04-2022 - 18:15