CVE-2019-11014

Name of the Vulnerable Software and Affected Versions VStarCam library versions (affected versions not specified) Eye4 application versions (affected versions not specified)

Description The issue allows an attacker to create a fake camera server, impersonate the real camera, and intercept client communications. This is achieved by exploiting the lack of spoofing prevention in the VStarCam library and shared object used by the Eye4 application. The attacker can flood the client with responses, causing it to deny service to the original camera and communicate exclusively with the fake server. As a result, the client sends login details, including username and password, to the attacker's fake camera server.

Recommendations For VStarCam library, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Eye4 application, at the moment, there is no information about a newer version that contains a fix for this vulnerability.