CVE-2018-8072

HIGH

Edimax Ic-3140w Firmware < 3.06 - Out-of-Bounds Write

Title source: rule

Description

An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function.

Exploits (1)

gitlab NO CODE 1 stars

by nemux · poc

https://gitlab.com/nemux/CVE-2018-8072

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://gitlab.com/nemux/CVE-2018-8072/blob/master/CVE-2018-8072_PoC.txt

[Exploit, Technical Description, Third Party Advisory] https://gitlab.com/nemux/CVE-2018-8072/blob/master/nemux_codemotion_Rome18_cover.pdf

[Patch, Product, Vendor Advisory] https://www.edimax.com/edimax/download/download/data/edimax/uk/download/for_home/home_network_cameras/home_network_cameras_indoor_fixed/ic-3140w

[Patch, Third Party Advisory] https://www.nemux.org/2018/04/24/cve-2018-8072/

Scores

CVSS v3 8.8

EPSS 0.0033

EPSS Percentile 55.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (3)

edimax/ic-3140w_firmware < 3.06

edimax/ic-5150w_firmware < 3.09

edimax/ic-6220dc_firmware < 3.06

Published Apr 26, 2018

Tracked Since Feb 18, 2026