CVE-2014-1201

Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
lorex_technologyedge3_lh340_firmware
11.19.85_1fe3a:_1fe3a
lorex_technologyedge2_lh330_firmware
11.17.38-33_1d97a
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/101903
http://www.securityfocus.com/archive/1/530739/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/90223
https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt
https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html
http://osvdb.org/101903
http://www.securityfocus.com/archive/1/530739/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/90223
https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt
https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html