CVE-2010-4230

Camtron and TecVoz CMNC-200 Firmware 1.102A-008 - Stack-Based Buffer Overflow via ActiveX Connect Method


Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4230. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary: This exploit demonstrates a stack-based buffer overflow in the CMNC-200 IP Camera ActiveX control via the 'connect' method. The PoC uses a long string of 'A's to overwrite the EIP register, indicating potential for arbitrary code execution.

Description

Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argument to the connect method.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Trustwave's SpiderLabs · text · dos · hardware
https://www.exploit-db.com/exploits/15504

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: CMNC-200 IP Camera ActiveX Control (CLSID {DD01C8CA-5DA0-4B01-9603-B7194E561D32})
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled in the browser
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15504
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514753/100/0/threaded

Scores

EPSS: 0.0566
EPSS Percentile: 92.0%

Details

CWE: CWE-119
Status: published
Products (4):
camtron/cmnc-200
camtron/cmnc-200_firmware 1.102a-008
tecvoz/cmnc-200
tecvoz/cmnc-200_firmware 1.102a-008
Published: Nov 17, 2010
Tracked Since: Feb 18, 2026