CVE-2018-14496
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance
** EN DISPUTA ** Los dispositivos FD8136 de Vivotek, permiten una corrupción de memoria remota y ejecución de código remota debido a un desbordamiento de búfer en la región stack de la memoria, relacionado con sprintf, la función vlocal_buff_4326 y el archivo set_getparam.cgi. NOTA: El proveedor ha cuestionado esto como una vulnerabilidad y declara que el problema no causa un bloqueo del servidor web ni tiene ningún otro efecto en su rendimiento.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-07-21 CVE Reserved
- 2019-07-10 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-08-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vivotek Search vendor "Vivotek" | Fd8136 Firmware Search vendor "Vivotek" for product "Fd8136 Firmware" | 0301a Search vendor "Vivotek" for product "Fd8136 Firmware" and version "0301a" | - |
Affected
| in | Vivotek Search vendor "Vivotek" | Fd8136 Search vendor "Vivotek" for product "Fd8136" | - | - |
Safe
|