CVE-2010-2349

H264WebCam 3.7 - Denial of Service via Long URI

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2349. PoCs published by fl0 fl0w.

AI-analyzed exploit summary This exploit targets a boundary condition error in H264WebCam's HTTP server, causing process termination via a buffer overflow. The PoC sends a long string of 'A's to trigger the vulnerability.

Description

H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by fl0 fl0w · cdoswindows

https://www.exploit-db.com/exploits/13920

View Code ZIP pw:eip

This exploit targets a boundary condition error in H264WebCam's HTTP server, causing process termination via a buffer overflow. The PoC sends a long string of 'A's to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: H264WebCam version 3.7

No auth needed

Prerequisites: Network access to the target's HTTP server

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/13920

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40299

Scores

EPSS 0.0480

EPSS Percentile 90.8%

Details

CWE

CWE-399

Status published

Products (1)

timhillone/h264webcam 3.7

Published Jun 21, 2010

Tracked Since Feb 18, 2026