CVE-2020-26762 — CRITICAL (9.8)

Vulnerability Description

A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted GET-Request. The overflow occurs in binary ipcam_cgi due to a missing type check in function doGetSysteminfo(). This has been fixed in version: IC-3116W v3.08.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Edimax	Ic-3116W Firmware	3.06
Edimax	Ic-3116W	-
Edimax	Ic-3140W Firmware	3.07
Edimax	Ic-3140W	-

Related Weaknesses (CWE)

CWE-787

References

https://www.edimax.com/edimax/download/download/data/edimax/de/download/for_homeVendor Advisory
https://www.edimax.com/edimax/download/download/data/edimax/de/download/for_homeVendor Advisory

FAQ

What is CVE-2020-26762?

CVE-2020-26762 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted...

How severe is CVE-2020-26762?

CVE-2020-26762 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-26762?

Check the references section above for vendor advisories and patch information. Affected products include: Edimax Ic-3116W Firmware, Edimax Ic-3116W, Edimax Ic-3140W Firmware, Edimax Ic-3140W.