Description
Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads into the Camera name and DID number fields during camera addition to trigger application crashes.
Published: 2026-04-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Wansview 1.0.2 contains a stack-based buffer overflow (CWE-120) in the Camera name and DID number fields that are processed during camera addition. By supplying a 2000-byte payload, an attacker can force the application to crash, resulting in a denial of service. The flaw does not provide a pathway to disclose information or execute arbitrary code.

Affected Systems

The vulnerability affects the Wansview camera firmware version 1.0.2. No other versions or vendor variants are listed in the advisory.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation. The flaw is not listed in the CISA KEV catalog. Attacks require local access to the device and the privilege to add a camera; remote attackers cannot exploit the buffer overflow. Given the limited scope, the overall risk is moderate, but the impact is significant if an administrator inadvertently supplies oversized data.

Generated by OpenCVE AI on April 28, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched version of the Wansview firmware that fixes the buffer overflow.
  • Limit local access by restricting camera addition privileges to trusted administrators only.
  • If a patch is unavailable, monitor for application crashes and consider disabling the camera addition interface until a fix is released.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wansview; Wansview wansview
Vendors & Products | | Wansview; Wansview wansview

Mon, 27 Apr 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 26 Apr 2026 13:30:00 +0000

Type | Values Removed | Values Added
Description | | Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads into the Camera name and DID number fields during camera addition to trigger application crashes.
Title | | Wansview 1.0.2 Denial of Service via Buffer Overflow
Weaknesses | | CWE-120
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T13:47:15.716Z

Reserved: 2026-04-26T13:11:48.516Z

Link: CVE-2018-25297

Vulnrichment

Updated: 2026-04-27T13:46:53.783Z

NVD

Status: Deferred

Published: 2026-04-26T22:17:31.253

Modified: 2026-04-27T18:55:32.883

Link: CVE-2018-25297

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T13:30:32Z

Weaknesses