CVE-2014-10011

TRENDnet TV-IP422W and TV-IP422WN - Stack-Based Buffer Overflow in UltraCam ActiveX Control

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-10011. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit demonstrates a stack-based buffer overflow in TRENDnet SecurView Wireless Network Camera's UltraCamX.ocx ActiveX control. It provides multiple PoC HTML scripts targeting vulnerable methods like 'SnapFileName' and 'OpenFileDlg' to trigger memory corruption and SEH overwrite.

Description

Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · textdoswindows
https://www.exploit-db.com/exploits/35363

The exploit demonstrates a stack-based buffer overflow in TRENDnet SecurView Wireless Network Camera's UltraCamX.ocx ActiveX control. It provides multiple PoC HTML scripts targeting vulnerable methods like 'SnapFileName' and 'OpenFileDlg' to trigger memory corruption and SEH overwrite.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: TRENDnet TV-IP422WN/TV-IP422W (UltraCamX.ocx 1.1.52.16)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

EPSS 0.1005
EPSS Percentile 95.0%

Details

CWE
CWE-119
Status published
Products (2)
trendnet/tv-ip422w
trendnet/tv-ip422wn
Published Jan 13, 2015
Tracked Since Feb 18, 2026