CVE-2019-11878
Last modified
CVE-2019-11878 is a vulnerability of currently unknown severity. An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. EPSS estimates a 0.92% chance of exploitation in the next 30 days.
Description
An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. This then crashes the camera for about 120 seconds.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Xiongmaitech | Besder Ip20h1 Firmware | 4.02.r12.00035520.12012.047500.00200 |
References
- http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.htmlExploit, Third Party Advisory
- https://www.youtube.com/watch?v=SnyPJtDDMFQExploit, Third Party Advisory
- http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.htmlExploit, Third Party Advisory
- https://www.youtube.com/watch?v=SnyPJtDDMFQExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-11878?
How severe is CVE-2019-11878?
How do I fix CVE-2019-11878?
Are you affected by CVE-2019-11878?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST