SB2021031610 - Multiple vulnerabilities in Moxa VPort 06EC-2V Series IP Cameras
Published: March 16, 2021
Description
This security bulletin contains information about 3 security vulnerabilities.
1) NULL pointer dereference (CVE-ID: N/A)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a NULL pointer dereference error when the application allows a cookie parameter to consist of only digits. A remote attacker can perform a brute force attack to bypass authentication and gain access to device functions.
2) Integer overflow (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow. A remote attacker can edit the element of an HTTP request, trigger an integer overflow and cause a denial of service condition on the target system.
3) Out-of-bounds read (CVE-ID: N/A)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system or cause the device to become unavailable.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.