Vulnerability
TrendNet wireless camera buffer overflow vulneribility
Vulnerability Description
TrendNet ProView Wireless camera TV-IP512WN (version v1.0R) is vulnerable to buffer overflow in handling RTSP packet in firmware version 1.0.4 which may result in remote code execution or denial of service. The issue is in the binary rtspd which resides in /sbin folder which is responsible for serving rtsp connection received by the device. The problem arises in parsing “Authorization: Basic” RTSP header which could be arbitrarily long, the value of this header is copied onto stack memory without any bounds check which could lead to a buffer overflow. What makes this vulnerability more severe is that the user need not be authenticated to trigger the overflow.
CVE-ID
Vendor
TRENDnet
Product
ProView Wireless camera TV-IP512WN (version v1.0R)
Disclosure Timeline
| 13 Jan 2020 | Report the issue to the vendor |
| 14 Jan 2020 | Vendor responded they provide fix for product has reached End-of-Life |
| 15 Jan 2020 | Informed the vendor that if they don’t fix the issue in 90 days we will publish the full disclosure unless they responded otherwise |
| 18 Mar 2020 | Requested CVE ID for the vulnerability |
| 18 Mar 2020 | Vendor responded they don’t verify the vulnerability which has reached EOF |
| 09 May 2020 | Requested Program Root CNA for CVE ID |
| 10 May 2020 | CVE ID Reserved |
| 11 May 2020 | Published the full disclosure |
Credits
Munawwar Hussain Shelia
