Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.
TrendNet wireless camera buffer overflow vulnerability
TrendNet ProView Wireless camera TV-IP512WN (version v1.0R) is vulnerable to a buffer overflow when handling RTSP packets in firmware version 1.0.4, which may result in remote code execution or denial of service. The issue is in the rtspd binary, which resides in the /sbin folder and is responsible for serving RTSP connections received by the device. The problem arises in parsing the “Authorization: Basic” RTSP header, which can be arbitrarily long: the value of this header is copied onto stack memory without any bounds check, which can lead to a buffer overflow. What makes this vulnerability more severe is that the user need not be authenticated to trigger the overflow.
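One way to handle this header safely, as an added example that is not taken from the rtspd binary or from the advisory: a bounded extractor that rejects an over-long value instead of copying it. The function name, return codes and `CRED_MAX` are assumptions for illustration, and the sample request is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>        /* strncasecmp (POSIX) */

#define CRED_MAX 128        /* assumed buffer size; the firmware's real size is not on the page */
#define AUTH_ABSENT   (-1)
#define AUTH_TOO_LONG (-2)

/* Unsafe pattern the advisory describes, for contrast only (not compiled):
 *     char cred[CRED_MAX]; strcpy(cred, header_value);   -- length is set by the sender */

/* Copy the "Authorization: Basic" value from an RTSP request into out. Returns the value
 * length, AUTH_ABSENT or AUTH_TOO_LONG; never writes past out_size or reads past req_len. */
int extract_basic_credential(const char *req, size_t req_len,
                             char *out, size_t out_size)
{
    static const char prefix[] = "Authorization: Basic ";
    const size_t plen = sizeof(prefix) - 1;
    const char *p = req, *end = req + req_len;

    while (p < end) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        const char *line_end = nl ? nl : end;
        if ((size_t)(line_end - p) >= plen && strncasecmp(p, prefix, plen) == 0) {
            const char *val = p + plen;
            size_t vlen = (size_t)(line_end - val);
            if (vlen > 0 && val[vlen - 1] == '\r')
                vlen--;                    /* drop the CR of CRLF */
            if (vlen >= out_size)
                return AUTH_TOO_LONG;      /* reject; do not truncate or overflow */
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        if (!nl)
            break;
        p = nl + 1;
    }
    return AUTH_ABSENT;
}

int main(void)
{
    /* Constructed sample request, not captured traffic. */
    const char req[] = "DESCRIBE rtsp://camera.example/ RTSP/1.0\r\nCSeq: 2\r\n"
                       "Authorization: Basic dXNlcjpwYXNz\r\n\r\n";
    char cred[CRED_MAX];
    printf("%d\n", extract_basic_credential(req, sizeof(req) - 1, cred, sizeof(cred)));
    return 0;
}
```

A caller should treat `AUTH_TOO_LONG` as a malformed request and close the connection rather than retry with a larger buffer.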
ProView Wireless camera TV-IP512WN (version v1.0R)
| Date | Event |
|---|---|
| 13 Jan 2020 | Reported the issue to the vendor |
| 14 Jan 2020 | Vendor responded they provide fix for product has reached End-of-Life |
| 15 Jan 2020 | Informed the vendor that if they do not fix the issue within 90 days, we will publish the full disclosure unless they respond otherwise |
| 18 Mar 2020 | Requested CVE ID for the vulnerability |
| 18 Mar 2020 | Vendor responded they don’t verify the vulnerability which has reached EOF |
| 09 May 2020 | Requested Program Root CNA for CVE ID |
| 10 May 2020 | CVE ID Reserved |
| 11 May 2020 | Published the full disclosure |
Munawwar Hussain Shelia