CVE-2018-3938
Severity Score
10.0
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability.
Existe una vulnerabilidad de desbordamiento de búfer basado en pila explotable en la funcionalidad 802dot1xclientcert.cgi de Sony IPELA E Series Camera G5 con la versión 1.87.00 de firmware. Una petición POST especialmente manipulada puede provocar un desbordamiento de búfer basado en pila que daría lugar a la ejecución remota de código. Un atacante puede enviar una petición POST maliciosa para provocar esta vulnerabilidad.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-01-02 CVE Reserved
- 2018-08-14 CVE Published
- 2024-09-16 CVE Updated
- 2024-11-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sony Search vendor "Sony" | Snc-eb600 Firmware Search vendor "Sony" for product "Snc-eb600 Firmware" | 1.87.00 Search vendor "Sony" for product "Snc-eb600 Firmware" and version "1.87.00" | - |
Affected
| in | Sony Search vendor "Sony" | Snc-eb600 Search vendor "Sony" for product "Snc-eb600" | - | - |
Safe
|
| Sony Search vendor "Sony" | Snc-eb630 Firmware Search vendor "Sony" for product "Snc-eb630 Firmware" | 1.87.00 Search vendor "Sony" for product "Snc-eb630 Firmware" and version "1.87.00" | - |
Affected
| in | Sony Search vendor "Sony" | Snc-eb630 Search vendor "Sony" for product "Snc-eb630" | - | - |
Safe
|
| Sony Search vendor "Sony" | Snc-eb600b Firmware Search vendor "Sony" for product "Snc-eb600b Firmware" | 1.87.00 Search vendor "Sony" for product "Snc-eb600b Firmware" and version "1.87.00" | - |
Affected
| in | Sony Search vendor "Sony" | Snc-eb600b Search vendor "Sony" for product "Snc-eb600b" | - | - |
Safe
|
| Sony Search vendor "Sony" | Snc-eb630b Firmware Search vendor "Sony" for product "Snc-eb630b Firmware" | 1.87.00 Search vendor "Sony" for product "Snc-eb630b Firmware" and version "1.87.00" | - |
Affected
| in | Sony Search vendor "Sony" | Snc-eb630b Search vendor "Sony" for product "Snc-eb630b" | - | - |
Safe
|
| Sony Search vendor "Sony" | Snc-eb602r Firmware Search vendor "Sony" for product "Snc-eb602r Firmware" | 1.87.00 Search vendor "Sony" for product "Snc-eb602r Firmware" and version "1.87.00" | - |
Affected
| in | Sony Search vendor "Sony" | Snc-eb602r Search vendor "Sony" for product "Snc-eb602r" | - | - |
Safe
|
| Sony Search vendor "Sony" | Snc-eb632r Firmware Search vendor "Sony" for product "Snc-eb632r Firmware" | 1.87.00 Search vendor "Sony" for product "Snc-eb632r Firmware" and version "1.87.00" | - |
Affected
| in | Sony Search vendor "Sony" | Snc-eb632r Search vendor "Sony" for product "Snc-eb632r" | - | - |
Safe
|
| Sony Search vendor "Sony" | Snc-em600 Firmware Search vendor "Sony" for product "Snc-em600 Firmware" | 1.87.00 Search vendor "Sony" for product "Snc-em600 Firmware" and version "1.87.00" | - |
Affected
| in | Sony Search vendor "Sony" | Snc-em600 Search vendor "Sony" for product "Snc-em600" | - | - |
Safe
|
| Sony Search vendor "Sony" | Snc-em601 Firmware Search vendor "Sony" for product "Snc-em601 Firmware" | 1.87.00 Search vendor "Sony" for product "Snc-em601 Firmware" and version "1.87.00" | - |
Affected
| in | Sony Search vendor "Sony" | Snc-em601 Search vendor "Sony" for product "Snc-em601" | - | - |
Safe
|
| Sony Search vendor "Sony" | Snc-em630 Firmware Search vendor "Sony" for product "Snc-em630 Firmware" | 1.87.00 Search vendor "Sony" for product "Snc-em630 Firmware" and version "1.87.00" | - |
Affected
| in | Sony Search vendor "Sony" | Snc-em630 Search vendor "Sony" for product "Snc-em630" | - | - |
Safe
|
| Sony Search vendor "Sony" | Snc-em631 Firmware Search vendor "Sony" for product "Snc-em631 Firmware" | 1.87.00 Search vendor "Sony" for product "Snc-em631 Firmware" and version "1.87.00" | - |
Affected
| in | Sony Search vendor "Sony" | Snc-em631 Search vendor "Sony" for product "Snc-em631" | - | - |
Safe
|
| Sony Search vendor "Sony" | Snc-em602r Firmware Search vendor "Sony" for product "Snc-em602r Firmware" | 1.87.00 Search vendor "Sony" for product "Snc-em602r Firmware" and version "1.87.00" | - |
Affected
| in | Sony Search vendor "Sony" | Snc-em602r Search vendor "Sony" for product "Snc-em602r" | - | - |
Safe
|
| Sony Search vendor "Sony" | Snc-em632r Firmware Search vendor "Sony" for product "Snc-em632r Firmware" | 1.87.00 Search vendor "Sony" for product "Snc-em632r Firmware" and version "1.87.00" | - |
Affected
| in | Sony Search vendor "Sony" | Snc-em632r Search vendor "Sony" for product "Snc-em632r" | - | - |
Safe
|
| Sony Search vendor "Sony" | Snc-em602rc Firmware Search vendor "Sony" for product "Snc-em602rc Firmware" | 1.87.00 Search vendor "Sony" for product "Snc-em602rc Firmware" and version "1.87.00" | - |
Affected
| in | Sony Search vendor "Sony" | Snc-em602rc Search vendor "Sony" for product "Snc-em602rc" | - | - |
Safe
|
| Sony Search vendor "Sony" | Snc-em632rc Firmware Search vendor "Sony" for product "Snc-em632rc Firmware" | 1.87.00 Search vendor "Sony" for product "Snc-em632rc Firmware" and version "1.87.00" | - |
Affected
| in | Sony Search vendor "Sony" | Snc-em632rc Search vendor "Sony" for product "Snc-em632rc" | - | - |
Safe
|