CVE-2018-25275

MEDIUM

Faleemi Plus 1.0.2 Denial of Service via Buffer Overflow

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25275. PoCs published by Gionathan Reale.

AI-analyzed exploit summary: This Python script generates a buffer overflow payload to trigger a Denial of Service (DoS) in Faleemi Plus 1.0.2 by overwriting memory when pasting the payload into the 'Camera name' and 'DID number' fields during camera addition.

Description

Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the Camera name and DID number fields during camera addition to trigger an application crash.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Gionathan Reale · python · dos · windows_x86-64
https://www.exploit-db.com/exploits/45414

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Faleemi Plus v1.0.2
No auth needed
Prerequisites: Faleemi Plus v1.0.2 installed on Windows · User interaction to paste payload into GUI fields
devstral-2 · analyzed Apr 26, 2026

References (3)

Core References
Exploit: ExploitDB-45414
https://www.exploit-db.com/exploits/45414
Third Party Advisory: VulnCheck Advisory: Faleemi Plus 1.0.2 Denial of Service via Buffer Overflow
https://www.vulncheck.com/advisories/faleemi-plus-denial-of-service-via-buffer-overflow

Scores

CVSS v3 6.2
EPSS 0.0014
EPSS Percentile 3.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-120
Status published
Products (1)
faleemi/Faleemi Plus 1.0.2
Published Apr 26, 2026
Tracked Since Apr 26, 2026