CVE-2018-17240

Published: Jun 10, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password).

Affected (2)

Products: Netwavepr: Indoor Ip Camera Firmware, Outdoor Ip Camera Firmware

Netwavepr

2 products

Indoor Ip Camera Firmware

Outdoor Ip Camera Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netwavepr Indoor Ip Camera Firmware	All versions

Running on/with	Platform Versions
Netwavepr Indoor Ip Camera	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netwavepr Outdoor Ip Camera Firmware	All versions

Running on/with	Platform Versions
Netwavepr Outdoor Ip Camera	All versions

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (6)

https://github.com/BBge/CVE-2018-17240

Source: cve@mitre.org

Third Party Advisory

https://github.com/BBge/CVE-2018-17240/blob/main/exploit.py

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.bbge.org/file/exploit.py

Source: cve@mitre.org

Broken Link

https://github.com/BBge/CVE-2018-17240

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/BBge/CVE-2018-17240/blob/main/exploit.py

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.bbge.org/file/exploit.py

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.