← back
CVE-2014-1201

CVE-2014-1201

EPSS 29.5%
Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/43891unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/101903https://exchange.xforce.ibmcloud.com/vulnerabilities/90223https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txthttps://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.htmlhttp://www.securityfocus.com/archive/1/530739/100/0/threaded