CVE-2018-25283

HIGH

iSmartViewPro 1.5 Buffer Overflow via SavePath Parameter

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25283. PoCs published by Gionathan Reale.

AI-analyzed exploit summary This is a functional exploit for a buffer overflow vulnerability in iSmartViewPro 1.5, leveraging SEH overwrite to achieve arbitrary code execution (spawning a calculator). The payload is crafted with a NOP sled and shellcode generated via msfvenom.

Description

iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to overwrite SEH records and execute shellcode with application privileges.

Exploits (1)

exploitdb WORKING POC

by Gionathan Reale · pythonlocalwindows_x86

https://www.exploit-db.com/exploits/45349

View Code ZIP pw:eip

This is a functional exploit for a buffer overflow vulnerability in iSmartViewPro 1.5, leveraging SEH overwrite to achieve arbitrary code execution (spawning a calculator). The payload is crafted with a NOP sled and shellcode generated via msfvenom.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: iSmartViewPro 1.5

No auth needed

Prerequisites: iSmartViewPro 1.5 installed on Windows 7 32-bit · ability to paste malicious input into the 'Save Path for Snapshot and Record file' field

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 26, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-45349

https://www.exploit-db.com/exploits/45349

Product product

Product Reference

https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5

Third Party Advisory third-party-advisory

VulnCheck Advisory: iSmartViewPro 1.5 Buffer Overflow via SavePath Parameter

https://www.vulncheck.com/advisories/ismartviewpro-buffer-overflow-via-savepath-parameter

Scores

CVSS v3 8.4

EPSS 0.0015

EPSS Percentile 4.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-120

Status published

Products (1)

Securimport/iSmartViewPro 1.5

Published Apr 26, 2026

Tracked Since Apr 26, 2026