CVE-2020-26762

Name of the Vulnerable Software and Affected Versions Edimax IP-Camera IC-3116W versions 3.06 through 3.07 Edimax IP-Camera IC-3140W version 3.07

Description A stack-based buffer-overflow exists in the Edimax IP-Camera, which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted GET-Request. The overflow occurs in the binary ipcam cgi due to a missing type check in the function doGetSysteminfo().

Recommendations For Edimax IP-Camera IC-3116W versions 3.06 through 3.07, update to version 3.08 to resolve the issue. For Edimax IP-Camera IC-3140W version 3.07, consider disabling the doGetSysteminfo() function as a temporary workaround until a patch is available. Restrict access to the ipcam cgi binary to minimize the risk of exploitation. Avoid using crafted GET-Requests to the affected API endpoint until the issue is resolved.