Description
Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the Camera name and DID number fields during camera addition to trigger an application crash.
Published: 2026-04-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Assess Impact
AI Analysis

Impact

This vulnerability is a stack buffer overflow that allows local users to crash Faleemi Plus by providing specially crafted, oversized input strings. The overflow occurs when a user enters a 2000‑byte payload into the Camera name or DID number fields during camera addition, causing the application to terminate unexpectedly. The weakness is a classic memory corruption flaw (CWE‑120) and the impact is a denial of service that can be leveraged to disrupt individual camera management sessions or, in a broader deployment, to bring the entire application down.

Affected Systems

The affected product is Faleemi Plus version 1.0.2, as distributed by the vendor faleemi. No other vendors or product versions are listed in the CNA data.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity, reflecting that the flaw is exploitable only by local users who can enter data into the application. The EPSS score of less than 1% suggests a low likelihood of exploitation in the wild, and the vulnerability is not currently listed in CISA’s KEV catalog. Because the description specifies only a local attacker, the attack vector is inferred to be the application's user interface. No patch or fix is listed in the data, so the vulnerability remains exploitable until a newer version or vendor patch is released.

Generated by OpenCVE AI on April 28, 2026 at 13:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Faleemi Plus release that includes the buffer overflow fix, if available.
  • If a patch is not available, disable the camera addition feature or configure field size limits so that Camera name and DID number inputs cannot exceed the defined bounds.
  • Run the application with the least privileged user account and consider sandboxing or resource limits to reduce the impact of a potential DoS.



Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Faleemi; Faleemi faleemi Plus
Vendors & Products | | Faleemi; Faleemi faleemi Plus

Mon, 27 Apr 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 26 Apr 2026 13:30:00 +0000

Type | Values Removed | Values Added
Description | | Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the Camera name and DID number fields during camera addition to trigger an application crash.
Title | | Faleemi Plus 1.0.2 Denial of Service via Buffer Overflow
Weaknesses | | CWE-120
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T13:09:35.481Z

Reserved: 2026-04-26T12:58:19.744Z

Link: CVE-2018-25275

Vulnrichment

Updated: 2026-04-27T13:09:32.380Z

NVD

Status: Deferred

Published: 2026-04-26T22:17:27.933

Modified: 2026-04-27T18:53:00.053

Link: CVE-2018-25275

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T13:30:32Z

Weaknesses