CVE-2014-1201 Information

Description

Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E Edge2 LH330 series with firmware 11.17.38-33_1D97A and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.

Reference

http://osvdb.org/101903 http://www.securityfocus.com/archive/1/530739/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/90223 https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html