Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-40597 | 1 Edimax | 2 Ic-3140w, Ic-3140w Firmware | 2022-07-11 | 10.0 HIGH | 9.8 CRITICAL |
The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password. | |||||
CVE-2021-30165 | 1 Edimax | 2 Ic-3140w, Ic-3140w Firmware | 2021-05-07 | 5.0 MEDIUM | 8.1 HIGH |
The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices. | |||||
CVE-2020-26762 | 1 Edimax | 4 Ic-3116w, Ic-3116w Firmware, Ic-3140w and 1 more | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL |
A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted GET-Request. The overflow occurs in binary ipcam_cgi due to a missing type check in function doGetSysteminfo(). This has been fixed in version: IC-3116W v3.08. | |||||
CVE-2018-8072 | 1 Edimax | 6 Ic-3140w, Ic-3140w Firmware, Ic-5150w and 3 more | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH |
An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function. |