CVE-2008-5674

Darkwet webcamXP < 3.72.440.0 - Denial of Service and Memory Read via Invalid camnum and id Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-5674. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The provided text describes a vulnerability in webcamXP versions 3.72.440 and 4.05.280 beta, where improper input validation leads to information disclosure and DoS. The example URL demonstrates a potential attack vector by manipulating the 'id' parameter.

Description

Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Luigi Auriemma · textwebappsmultiple
https://www.exploit-db.com/exploits/31234

The provided text describes a vulnerability in webcamXP versions 3.72.440 and 4.05.280 beta, where improper input validation leads to information disclosure and DoS. The example URL demonstrates a potential attack vector by manipulating the 'id' parameter.

Classification
Writeup 90%
Attack Type
Info Leak | Dos
Complexity
Trivial
Reliability
Theoretical
Target: webcamXP 3.72.440 and 4.05.280 beta and prior versions
No auth needed
Prerequisites: Network access to the target webcamXP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Luigi Auriemma · textwebappsmultiple
https://www.exploit-db.com/exploits/31233

The provided text describes a vulnerability in webcamXP where improper input validation leads to information disclosure or denial-of-service. The exploit involves sending malformed requests with extreme values for the 'camnum' parameter.

Classification
Writeup 90%
Attack Type
Dos | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: webcamXP 3.72.440 and 4.05.280 beta and prior versions
No auth needed
Prerequisites: Network access to the target webcamXP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27875
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488364/100/200/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4788
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/webcamxp-adv.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/42929
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29007
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/42927
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/42928

Scores

EPSS 0.0451
EPSS Percentile 90.3%

Details

CWE
CWE-20
Status published
Products (6)
darkwet/webcam_xp 1.02.432
darkwet/webcam_xp 1.02.535
darkwet/webcam_xp 1.6.945
darkwet/webcam_xp 2.20
darkwet/webcam_xp 3.72
darkwet/webcam_xp < 3.72.440.0
Published Dec 19, 2008
Tracked Since Feb 18, 2026