Description
Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.
Exploits (1)
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/530739/100/0/threaded
Various Sources x_refsource_misc
https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html
Various Sources x_refsource_misc
https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90223
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101903
Scores
EPSS
0.2320
EPSS Percentile
96.0%
Details
CWE
CWE-119
Status
published
Products (8)
lorex_technology/edge2_lh330_firmware
11.17.38-33_1d97a
lorex_technology/edge3_lh340_firmware
11.19.85_1fe3a
lorex_technology/edge\+_lh320_firmware
7-35-28-1b26e
lorex_technology/edge_lh310_firmware
7-35-28-1b26e
lorextechnology/edge
lh310
lorextechnology/edge2
lh330
lorextechnology/edge3
lh340
lorextechnology/edge\+
lh320
Published
Jan 15, 2014
Tracked Since
Feb 18, 2026