Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

TRENDnet wireless camera buffer overflow vulnerability

Vulnerability

TRENDnet wireless camera buffer overflow vulnerability

Vulnerability Description

TRENDnet ProView Wireless camera TV-IP512WN (version v1.0R) with firmware version 1.0.4 is vulnerable to a buffer overflow in its handling of RTSP packets, which may result in remote code execution or denial of service. The issue is in the rtspd binary in the /sbin folder, which serves the RTSP connections received by the device. The problem arises when parsing the “Authorization: Basic” RTSP header, whose value can be arbitrarily long: the value is copied onto stack memory without any bounds check, which could lead to a buffer overflow. What makes this vulnerability more severe is that the user need not be authenticated to trigger the overflow.
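The bug class described above, shown from the fixing side: an added example (not code from rtspd or from the advisory) of a header parser that measures the "Authorization: Basic" value and rejects it before any copy into a fixed buffer. The buffer size `CRED_MAX`, the function name and the sample request are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

#define CRED_MAX 128 /* assumed capacity; the page does not give the real buffer size */
enum auth_result { AUTH_OK = 0, AUTH_ABSENT = -1, AUTH_TOO_LONG = -2, AUTH_MALFORMED = -3 };

/* Unsafe pattern of the kind the advisory describes, for contrast only:
 *     char cred[CRED_MAX];
 *     strcpy(cred, value);    the peer, not the buffer, decides the length
 */

/* Scan the header lines of an RTSP request and copy the Basic credential
 * into out[out_len]. Nothing is written unless the value fits with its NUL. */
int extract_basic_credential(const char *req, char *out, size_t out_len)
{
    static const char name[] = "Authorization:";
    const size_t name_len = sizeof name - 1;
    const char *line = req;

    while (line && *line) {
        const char *eol = strstr(line, "\r\n");
        size_t line_len = eol ? (size_t)(eol - line) : strlen(line);
        if (line_len == 0)
            break;                                   /* blank line: end of headers */
        if (line_len >= name_len && strncasecmp(line, name, name_len) == 0) {
            const char *p = line + name_len, *end = line + line_len;
            while (p < end && (*p == ' ' || *p == '\t'))
                p++;
            if ((size_t)(end - p) < 6 || strncasecmp(p, "Basic ", 6) != 0)
                return AUTH_MALFORMED;
            for (p += 6; p < end && *p == ' '; p++)
                ;                                    /* skip padding before the value */
            size_t n = (size_t)(end - p);
            if (n == 0)
                return AUTH_MALFORMED;
            if (n >= out_len)
                return AUTH_TOO_LONG;                /* reject before copying */
            memcpy(out, p, n);
            out[n] = '\0';
            return AUTH_OK;
        }
        line = eol ? eol + 2 : NULL;
    }
    return AUTH_ABSENT;
}

int main(void)
{
    /* Constructed sample request; 192.0.2.10 is a documentation address. */
    const char *req = "DESCRIBE rtsp://192.0.2.10/ RTSP/1.0\r\nCSeq: 1\r\n"
                      "Authorization: Basic YWRtaW46YWRtaW4=\r\n\r\n";
    char cred[CRED_MAX];
    return extract_basic_credential(req, cred, sizeof cred) == AUTH_OK ? 0 : 1;
}
```
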

CVE-ID

CVE-2020-12763

Vendor

TRENDnet

Product

ProView Wireless camera TV-IP512WN (version v1.0R)

Disclosure Timeline

13 Jan 2020 Reported the issue to the vendor
14 Jan 2020 Vendor responded they provide fix for product has reached End-of-Life
15 Jan 2020 Informed the vendor that if they don’t fix the issue within 90 days, we will publish the full disclosure unless they respond otherwise
18 Mar 2020 Requested CVE ID for the vulnerability
18 Mar 2020 Vendor responded they don’t verify the vulnerability which has reached EOF
09 May 2020 Requested Program Root CNA for CVE ID
10 May 2020 CVE ID Reserved
11 May 2020 Published the full disclosure

Credits

Munawwar Hussain Shelia