CVE-2019-11417

system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build 28, 64, 65, and 68.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
trendnettv-ip110wn_firmware
1.2.2.28
trendnettv-ip110wn_firmware
1.2.2.64
trendnettv-ip110wn_firmware
1.2.2.65
trendnettv-ip110wn_firmware
1.2.2.68
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/zyw-200/IOTFuzzer/blob/master/Trendnet_response.png
https://github.com/zyw-200/IOTFuzzer/blob/master/Trendnet_response.png