1. Home
  2. CVE Database
  3. CVE-2014-1201
HIGH · 10.0

CVE-2014-1201

Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series ...

Vulnerability Description

Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
Lorex TechnologyEdge Lh310 Firmware7-35-28-1b26e
LorextechnologyEdgelh310
Lorex TechnologyEdge3 Lh340 Firmware11.19.85_1fe3a
LorextechnologyEdge3lh340
Lorex TechnologyEdge2 Lh330 Firmware11.17.38-33_1d97a
LorextechnologyEdge2lh330
Lorex TechnologyEdge\+ Lh320 Firmware7-35-28-1b26e
LorextechnologyEdge\+lh320

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2014-1201?

CVE-2014-1201 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series ...

How severe is CVE-2014-1201?

CVE-2014-1201 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-1201?

Check the references section above for vendor advisories and patch information. Affected products include: Lorex Technology Edge Lh310 Firmware, Lorextechnology Edge, Lorex Technology Edge3 Lh340 Firmware, Lorextechnology Edge3, Lorex Technology Edge2 Lh330 Firmware.