CVE-2019-11878 - OpenCVE

An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. This then crashes the camera for about 120 seconds.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xiongmaitech	Besder Ip20h1 Besder Ip20h1 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:xiongmaitech:besder_ip20h1_firmware:4.02.r12.00035520.12012.047500.00200:*:*:*:*:*:*:*

cpe:2.3:h:xiongmaitech:besder_ip20h1:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html
https://www.youtube.com/watch?v=SnyPJtDDMFQ

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-10T14:24:36

Updated: 2024-08-04T23:03:32.861Z

Reserved: 2019-05-10T00:00:00

Link: CVE-2019-11878

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-05-10T15:29:02.667

Modified: 2019-05-13T14:06:45.330

Link: CVE-2019-11878

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. This then crashes the camera for about 120 seconds."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-10T14:24:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=SnyPJtDDMFQ"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11878", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. This then crashes the camera for about 120 seconds."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html", "refsource": "MISC", "url": "http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html"}, {"name": "https://www.youtube.com/watch?v=SnyPJtDDMFQ", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=SnyPJtDDMFQ"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:03:32.861Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.youtube.com/watch?v=SnyPJtDDMFQ"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11878", "datePublished": "2019-05-10T14:24:36", "dateReserved": "2019-05-10T00:00:00", "dateUpdated": "2024-08-04T23:03:32.861Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xiongmaitech:besder_ip20h1_firmware:4.02.r12.00035520.12012.047500.00200:*:*:*:*:*:*:*", "matchCriteriaId": "A81CFA32-6061-4D18-8A80-C628EA876E41", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xiongmaitech:besder_ip20h1:-:*:*:*:*:*:*:*", "matchCriteriaId": "96887E84-262F-469F-AB65-960E039A78D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. This then crashes the camera for about 120 seconds."}, {"lang": "es", "value": "Fue encontrado un problema en las c\u00e1maras XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200. Un atacante sobre la misma red local que la c\u00e1mara puede crear un mensaje con un campo de tama\u00f1o mayor que 0x80000000 y enviarlo hacia la c\u00e1mara, relacionado con un desbordamiento de enteros o el uso de n\u00famero negativo. Esto entonces, bloquea la c\u00e1mara durante unos 120 segundos."}], "id": "CVE-2019-11878", "lastModified": "2019-05-13T14:06:45.330", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-10T15:29:02.667", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=SnyPJtDDMFQ"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}