Main Vulnerability Database SB2017071814

SB2017071814 - Remote code execution in Dahua IP cameras Sonia

Published: August 2, 2017

Security Bulletin ID SB2017071814

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Stack-based buffer overflow (CVE-ID: CVE-2017-3223)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to improper validation of input data length for the 'password' field of the web interface. A remote attacker can submit a specially crafted POST request to the IP camera's Sonia web interface, trigger stack-based buffer overflow and possibly execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References

http://www.kb.cert.org/vuls/id/547255