CVE-2018-6407

HIGH

Conceptronic CIPCAMPTIWL V3 0.61.30.21 - Unauthenticated Denial of Service via Large POST Request to devices.cgi

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-6407. PoCs published by dreadlocked.

AI-analyzed exploit summary This repository contains a working PoC for CVE-2018-6407, an unauthenticated remote Denial of Service vulnerability in Conceptronic IP Cameras. The exploit sends a POST request with an excessively large body to `/hy-cgi/device.cgi?cmd=searchlandevice`, causing the camera to crash and become inaccessible.

Description

An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device.

Exploits (1)

nomisec WORKING POC 8 stars
by dreadlocked · poc
https://github.com/dreadlocked/ConceptronicIPCam_MultipleVulnerabilities

This repository contains a working PoC for CVE-2018-6407, an unauthenticated remote Denial of Service vulnerability in Conceptronic IP Cameras. The exploit sends a POST request with an excessively large body to `/hy-cgi/device.cgi?cmd=searchlandevice`, causing the camera to crash and become inaccessible.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Conceptronic IP Cameras with 0.61.X web firmware
No auth needed
Prerequisites: knowledge of the target camera's IP address and port
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.3280
EPSS Percentile 98.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (2)
conceptronic/cipcamptiwl_firmware 00.30.01.0047p3
conceptronic/cipcamptiwl_web_firmware 0.61.30.21
Published Jan 30, 2018
Tracked Since Feb 18, 2026