PT-2014-4009 · Lorex · Lorex Edge+ LH320 Series

Published: 2014-01-15 · Updated: 2018-10-09 · CVE-2014-1201

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Lorex Edge LH310 series version 7-35-28-1B26E
Lorex Edge+ LH320 series version 7-35-28-1B26E
Lorex Edge2 LH330 series version 11.17.38-33 1D97A
Lorex Edge3 LH340 series version 11.19.85 1FE3A

Description

A buffer overflow issue exists in the INetViewX ActiveX control, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP PORT parameter.

Recommendations

For Lorex Edge LH310 series version 7-35-28-1B26E, update the firmware to a version that addresses this issue.
For Lorex Edge+ LH320 series version 7-35-28-1B26E, update the firmware to a version that addresses this issue.
For Lorex Edge2 LH330 series version 11.17.38-33 1D97A, update the firmware to a version that addresses this issue.
For Lorex Edge3 LH340 series version 11.19.85 1FE3A, update the firmware to a version that addresses this issue.

As a temporary workaround, consider restricting access to the INetViewX ActiveX control to minimize the risk of exploitation.

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2014-1201

Affected Products

Lorex Edge LH310 Series
Lorex Edge+ LH320 Series
Lorex Edge2 LH330 Series
Lorex Edge3 LH340 Series