var-201904-0921
Vulnerability from variot
system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build 28, 64, 65, and 68. TRENDnet TV-IP110WN The camera contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TRENDnetTV-IP110WN is a wireless webcam from TRENDnet. A buffer overflow vulnerability exists in the system.cgi file in TRENDnetTV-IP110WN. This vulnerability is caused by a network system or product performing an operation on memory that does not properly validate data boundaries, causing incorrect read and write to other associated memory locations. operating. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. write operation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0921",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tv-ip110wn",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "1.2.2.28"
},
{
"model": "tv-ip110wn",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "1.2.2.64"
},
{
"model": "tv-ip110wn",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "1.2.2.65"
},
{
"model": "tv-ip110wn",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "1.2.2.68"
},
{
"model": "tv-ip110wn",
"scope": "eq",
"trust": 0.8,
"vendor": "trendnet",
"version": "1.2.2 build 28"
},
{
"model": "tv-ip110wn",
"scope": "eq",
"trust": 0.8,
"vendor": "trendnet",
"version": "1.2.2 build 64"
},
{
"model": "tv-ip110wn",
"scope": "eq",
"trust": 0.8,
"vendor": "trendnet",
"version": "1.2.2 build 65"
},
{
"model": "tv-ip110wn",
"scope": "eq",
"trust": 0.8,
"vendor": "trendnet",
"version": "1.2.2 build 68"
},
{
"model": "tv-ip110wn build",
"scope": "eq",
"trust": 0.6,
"vendor": "trendnet",
"version": "1.2.228"
},
{
"model": "tv-ip110wn",
"scope": "eq",
"trust": 0.6,
"vendor": "trendnet",
"version": "64"
},
{
"model": "tv-ip110wn",
"scope": "eq",
"trust": 0.6,
"vendor": "trendnet",
"version": "65"
},
{
"model": "tv-ip110wn",
"scope": "eq",
"trust": 0.6,
"vendor": "trendnet",
"version": "68"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003817"
},
{
"db": "NVD",
"id": "CVE-2019-11417"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:trendnet:tv-ip110wn_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003817"
}
]
},
"cve": "CVE-2019-11417",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-11417",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-16064",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-143061",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-11417",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-11417",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-11417",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-16064",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1017",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-143061",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-11417",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16064"
},
{
"db": "VULHUB",
"id": "VHN-143061"
},
{
"db": "VULMON",
"id": "CVE-2019-11417"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003817"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1017"
},
{
"db": "NVD",
"id": "CVE-2019-11417"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build 28, 64, 65, and 68. TRENDnet TV-IP110WN The camera contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TRENDnetTV-IP110WN is a wireless webcam from TRENDnet. A buffer overflow vulnerability exists in the system.cgi file in TRENDnetTV-IP110WN. This vulnerability is caused by a network system or product performing an operation on memory that does not properly validate data boundaries, causing incorrect read and write to other associated memory locations. operating. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. write operation",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11417"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003817"
},
{
"db": "CNVD",
"id": "CNVD-2019-16064"
},
{
"db": "VULHUB",
"id": "VHN-143061"
},
{
"db": "VULMON",
"id": "CVE-2019-11417"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11417",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003817",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1017",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-16064",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-143061",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-11417",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16064"
},
{
"db": "VULHUB",
"id": "VHN-143061"
},
{
"db": "VULMON",
"id": "CVE-2019-11417"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003817"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1017"
},
{
"db": "NVD",
"id": "CVE-2019-11417"
}
]
},
"id": "VAR-201904-0921",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16064"
},
{
"db": "VULHUB",
"id": "VHN-143061"
}
],
"trust": 1.22380955
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16064"
}
]
},
"last_update_date": "2024-11-23T22:17:04.977000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.trendnet.com/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003817"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143061"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003817"
},
{
"db": "NVD",
"id": "CVE-2019-11417"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/zyw-200/iotfuzzer/blob/master/trendnet_response.png"
},
{
"trust": 1.4,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11417"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11417"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-16064"
},
{
"db": "VULHUB",
"id": "VHN-143061"
},
{
"db": "VULMON",
"id": "CVE-2019-11417"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003817"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1017"
},
{
"db": "NVD",
"id": "CVE-2019-11417"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-16064"
},
{
"db": "VULHUB",
"id": "VHN-143061"
},
{
"db": "VULMON",
"id": "CVE-2019-11417"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003817"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1017"
},
{
"db": "NVD",
"id": "CVE-2019-11417"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16064"
},
{
"date": "2019-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-143061"
},
{
"date": "2019-04-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11417"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003817"
},
{
"date": "2019-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1017"
},
{
"date": "2019-04-22T11:29:05.517000",
"db": "NVD",
"id": "CVE-2019-11417"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-16064"
},
{
"date": "2019-04-23T00:00:00",
"db": "VULHUB",
"id": "VHN-143061"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11417"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003817"
},
{
"date": "2019-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1017"
},
{
"date": "2024-11-21T04:21:04.480000",
"db": "NVD",
"id": "CVE-2019-11417"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1017"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TRENDnet TV-IP110WN Buffer error vulnerability in camera",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003817"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1017"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…