The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.
References
Link | Resource |
---|---|
https://github.com/badnack/Insteon_2864-222 | Exploit Third Party Advisory |
https://github.com/badnack/Insteon_2864-222 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/badnack/Insteon_2864-222 - Exploit, Third Party Advisory |
22 Jun 2021, 20:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:insteon:hd_ip_camera_white:*:*:*:*:*:*:*:* |
cpe:2.3:o:insteon:2864-222_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:insteon:2864-222:*:*:*:*:*:*:*:* |
Information
Published : 2018-06-23 22:29
Updated : 2024-11-21 03:43
NVD link : CVE-2018-11560
Mitre link : CVE-2018-11560
CVE.ORG link : CVE-2018-11560
JSON object : View
Products Affected
insteon
- 2864-222
- 2864-222_firmware
CWE
CWE-787
Out-of-bounds Write