CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-12727
https://notcve.org/view.php?id=CVE-2019-12727
On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability exists in the RTSP Service provided by the ubnt-streamer binary. The issue can be triggered via malformed RTSP requests that lead to an invalid memory read. To exploit the vulnerability, an attacker must craft an RTSP request with a large number of headers. En los dispositivos Ubiquiti airCam 3.1.4, existe una vulnerabilidad de denegación de servicio en el servicio RTSP provisto por el binario ubnt-streamer. El problema se puede desencadenar mediante solicitudes RTSP con formato incorrecto que conducen a una lectura de memoria no válida. • https://github.com/X-C3LL/PoC-CVEs/blob/master/Aircam-DoS/Aircam-DoS.py • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 65%CPEs: 4EXPL: 3CVE-2013-1606 – Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2013-1606
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE request. Desbordamiento de búfer en el servicio ubnt-streamer RTSP en Ubiquiti UBNT AirCam con airVision firmware anterior a v1.1.6 permite a atacantes remotos ejecutar código arbitrario a través de un rtsp de gran longitud: URI en una solicitud DESCRIBE. • https://www.exploit-db.com/exploits/26138 http://www.coresecurity.com/advisories/buffer-overflow-ubiquiti-aircam-rtsp-service http://www.exploit-db.com/exploits/26138 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •