PT-2019-12538 · Xiongmai · Xiongmai Besder Ip20H1

Published

2019-05-10

Updated

2019-05-13

CVE-2019-11878

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions XiongMai Besder IP20H1 version 4.02.R12.00035520.12012.047500.00200

Description An issue allows an attacker on the same local network to crash the camera by sending a crafted message with a size field larger than 0x80000000, potentially related to an integer overflow or use of a negative number. This results in the camera crashing for about 120 seconds.

Recommendations For XiongMai Besder IP20H1 version 4.02.R12.00035520.12012.047500.00200, as a temporary workaround, consider restricting access to the camera from the local network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2019-11878

Affected Products

Xiongmai Besder Ip20H1

PT-2019-12538 · Xiongmai · Xiongmai Besder Ip20H1

CVE-2019-11878

Weakness Enumeration

Related Identifiers

Affected Products

References · 4