CVE-2014-1201

Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.

Published: Jan 15, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-1201
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
lorex_technology / edge_lh310_firmware	7-35-28-1b26e	7-35-28-1b26e.x
lorextechnology / edge	lh310	lh310.x
lorex_technology / edge3_lh340_firmware	11.19.85_1fe3a	11.19.85_1fe3a.x
lorextechnology / edge3	lh340	lh340.x
lorex_technology / edge2_lh330_firmware	11.17.38-33_1d97a	11.17.38-33_1d97a.x
lorextechnology / edge2	lh330	lh330.x
lorex_technology / edge+_lh320_firmware	7-35-28-1b26e	7-35-28-1b26e.x
lorextechnology / edge+	lh320	lh320.x

Vulnerability Database

289,599

CVE-2014-1201