CVE-2019-6973

HIGH

gSOAP 2.8.x - Denial of Service via Incomplete HTTP Requests

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-6973. PoCs published by Andrew Watson.

AI-analyzed exploit summary This exploit sends multiple incomplete requests to a Sricam IP CCTV Camera running gSOAP 2.8, causing a denial of service. Each payload increases downtime by approximately 20 seconds.

Description

Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.

Exploits (1)

exploitdb WORKING POC
by Andrew Watson · bashdoshardware
https://www.exploit-db.com/exploits/46261

This exploit sends multiple incomplete requests to a Sricam IP CCTV Camera running gSOAP 2.8, causing a denial of service. Each payload increases downtime by approximately 20 seconds.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Sricam gSOAP 2.8
No auth needed
Prerequisites: Target IP address · Target port (default 5000) · Number of DoS payloads to send
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46261/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.html

Scores

CVSS v3 7.5
EPSS 0.1378
EPSS Percentile 96.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (1)
genivia/gsoap 2.8.0
Published Mar 21, 2019
Tracked Since Feb 18, 2026