Lucene search

MitreCVE-2014-9263

HistoryDec 08, 2014 - 4:59 p.m.

CVE-2014-9263

2014-12-0816:59:05

CWE-119

mitre

web.nvd.nist.gov

cve-2014-9263

buffer overflow

remote code execution

pocketnet tech vms

security vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.295

Percentile

96.9%

JSON

Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1) StartRecord, (2) StartRecordEx, (3) StartScheduledRecord, (4) SetDisplayText, (5) GetONVIFDeviceInformation, (6) GetONVIFProfiles, or (7) GetONVIFStreamUri method or a crafted filename to the (8) SaveCurrentImage or (9) SaveCurrentImageEx method.

Affected configurations

Nvd

Node

3s_pocketnet_tech3s_pocketnet_tech_video_management_softwareMatch-

VendorProductVersionCPE
3s_pocketnet_tech3s_pocketnet_tech_video_management_software-cpe:2.3:a:3s_pocketnet_tech:3s_pocketnet_tech_video_management_software:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
3s_pocketnet_tech	3s_pocketnet_tech_video_management_software	-	cpe:2.3:a:3s_pocketnet_tech:3s_pocketnet_tech_video_management_software:-:::::::*

References

www.securityfocus.com/bid/71488

www.zerodayinitiative.com/advisories/ZDI-14-393/

www.zerodayinitiative.com/advisories/ZDI-14-394/

www.zerodayinitiative.com/advisories/ZDI-14-395/

www.zerodayinitiative.com/advisories/ZDI-14-396/

www.zerodayinitiative.com/advisories/ZDI-14-397/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.295

Percentile

96.9%

JSON

Related for CVE-2014-9263