PT-2024-13705 · Trendnet · Trendnet Tv-Ip1314Pi
Published 2024-01-09 · Updated 2025-06-20 · CVE-2023-49236
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TRENDnet TV-IP1314PI version 5.5.3 200714
Description
A stack-based buffer overflow was discovered, leading to arbitrary command execution. This occurs because of a lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci.
Recommendations
For TRENDnet TV-IP1314PI version 5.5.3 200714, as a temporary workaround, consider disabling the RTSP playback function of davinci until a patch is available. Restrict access to the davinci module to minimize the risk of exploitation. Avoid using the scale field in the affected RTSP playback function until the issue is resolved.
Exploit
Fix
Memory Corruption
Stack Overflow
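The bug class named in the description (an sscanf of the RTSP Scale value with no length limit) is closed by bounding the conversion and rejecting oversized input. The following is an added example, not TRENDnet's code; the function name `parse_scale`, the 15-character cap, the accepted speed range and the sample request are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SCALE_MAX_LEN 15            /* assumed cap on the value text */

/* Constructed sample request, not captured from a device. */
static const char REQ_OK[] =
    "PLAY rtsp://camera.example/playback RTSP/1.0\r\nCSeq: 4\r\nScale: 2.0\r\n\r\n";

/* Parse the Scale header into *out. Returns 0 on success, -1 if the header
 * is absent, longer than SCALE_MAX_LEN, or not a usable number.
 * Simplification: the header name is matched case-sensitively. */
int parse_scale(const char *req, double *out)
{
    char buf[SCALE_MAX_LEN + 1];
    int used = 0;
    const char *val = strstr(req, "\r\nScale:");
    if (val == NULL)
        return -1;
    val += strlen("\r\nScale:");
    val += strspn(val, " \t");

    /* An unbounded "%s" or "%[^\r\n]" would copy as many bytes as the client
     * sent. The field width (sizeof(buf) - 1) caps the copy. */
    if (sscanf(val, "%15[^\r\n]%n", buf, &used) != 1)
        return -1;
    /* Reject instead of truncating: the scan must have stopped at the line
     * end (strchr also matches the terminating NUL). */
    if (strchr("\r\n", val[used]) == NULL)
        return -1;

    char *end = NULL;
    double v = strtod(buf, &end);
    if (end == buf || *end != '\0')
        return -1;
    /* Assumed policy: non-zero speed within [-32, 32]; also rejects NaN/inf. */
    if (!(v >= -32.0 && v <= 32.0) || v == 0.0)
        return -1;
    *out = v;
    return 0;
}

int main(void)
{
    double v = 0.0;
    int rc = parse_scale(REQ_OK, &v);
    printf("rc=%d scale=%.1f\n", rc, v);
    return 0;
}
```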
Related Identifiers
Affected Products
Trendnet Tv-Ip1314Pi