CVE-2013-1598 – Vivotek IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1598
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which could let a malicious user execute arbitrary code. • https://www.exploit-db.com/exploits/25139 http://www.securityfocus.com/bid/59575 https://exchange.xforce.ibmcloud.com/vulnerabilities/83946 https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt https://packetstormsecurity.com/files/cve/CVE-2013-1598 https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-1595 – Vivotek IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1595
A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service. • https://www.exploit-db.com/exploits/25139 http://www.securityfocus.com/bid/59573 https://exchange.xforce.ibmcloud.com/vulnerabilities/83944 https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt https://packetstormsecurity.com/files/cve/CVE-2013-1595 https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2013-1597 – Vivotek IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1597
A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials. • https://www.exploit-db.com/exploits/25139 http://www.securityfocus.com/bid/59576 https://exchange.xforce.ibmcloud.com/vulnerabilities/83947 https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt https://packetstormsecurity.com/files/cve/CVE-2013-1597 https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4771 – D-Link MPEG4 SHM Audio Control - 'VAPGDecoder.dll 1.7.0.5' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-4771
Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information. • https://www.exploit-db.com/exploits/5193 http://osvdb.org/42378 http://osvdb.org/43007 http://secunia.com/advisories/29131 http://secunia.com/advisories/29145 http://secunia.com/advisories/29146 http://securityreason.com/securityalert/4517 http://www.securityfocus.com/bid/28010 http://www.vupen.com/english/advisories/2008/0685/references http://www.vupen.com/english/advisories/2008/0686/references http://www.vupen.com/english/advisories/2008/0687/references https://excha • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-3167 – Vivotek Motion Jpeg Control - 'MjpegDecoder.dll 2.0.0.13' Remote Overflow
https://notcve.org/view.php?id=CVE-2007-3167
Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value. • https://www.exploit-db.com/exploits/4015 http://osvdb.org/39230 http://www.securityfocus.com/bid/24245 https://exchange.xforce.ibmcloud.com/vulnerabilities/34615