Please refer to the PoC file lorex-testcase.html. The instruction pointer can be very easily controlled in XP by the characters 109 to 113 in the string. The buffer overflow can be triggered by a really long string (10000+ characters) in the HTTP_PORT parameter. Their products offer remote video viewing capabilities, and you can find some of them on Shodan. The full list of devices, as well as links to the firware download, can be found in. The Lorex manual instructs the user to blindly accept the ActiveX control install when prompted. These security DVR's are remotely accessible, and when you access it on a Windows computer with Internet Explorer, they try to install the vulnerable ActiveX control INetViewX. I have confirmed that all 16 are vulnerable at this point in time. Their affected product range is the EDGE series, which has 16 products in it. The company is Lorex Technologies, a major video surveillance manufacturer that is very popular in the US and East Asia. I have discovered a buffer overflow vulnerability that allows remote code execution in an ActiveX control bundled by a manufacturer of video surveillance systems.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |