CVE-2018-8072

Name of the Vulnerable Software and Affected Versions: EDIMAX IC-3140W versions 3.06 and earlier EDIMAX IC-5150W versions 3.09 and earlier EDIMAX IC-6220DC versions 3.06 and earlier

Description: An issue was discovered in EDIMAX devices, where the ipcam cgi binary contains a stack-based buffer overflow. This can be triggered remotely without authentication through the "/camera-cgi/public/getsysyeminfo.cgi" API endpoint by sending an HTTP request with a VALUE HERE length of more than 1024 characters, allowing an attacker to overwrite other values on the stack due to the incorrect use of the strcpy() function.

Recommendations: For EDIMAX IC-3140W versions 3.06 and earlier, update to a version that fixes the issue with the ipcam cgi binary. For EDIMAX IC-5150W versions 3.09 and earlier, update to a version that fixes the issue with the ipcam cgi binary. For EDIMAX IC-6220DC versions 3.06 and earlier, update to a version that fixes the issue with the ipcam cgi binary. As a temporary workaround, consider restricting access to the "/camera-cgi/public/getsysyeminfo.cgi" API endpoint to minimize the risk of exploitation.