Description
Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by Luigi Auriemma · textwebappsmultiple
https://www.exploit-db.com/exploits/31234
exploitdb
WRITEUP
VERIFIED
by Luigi Auriemma · textwebappsmultiple
https://www.exploit-db.com/exploits/31233
References (8)
Core 8
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27875
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488364/100/200/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4788
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/webcamxp-adv.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/42929
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29007
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/42927
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/42928
Scores
EPSS
0.3519
EPSS Percentile
97.1%
Details
CWE
CWE-20
Status
published
Products (6)
darkwet/webcam_xp
1.02.432
darkwet/webcam_xp
1.02.535
darkwet/webcam_xp
1.6.945
darkwet/webcam_xp
2.20
darkwet/webcam_xp
3.72
darkwet/webcam_xp
< 3.72.440.0
Published
Dec 19, 2008
Tracked Since
Feb 18, 2026