CVE-2019-11878

{"id": "CVE-2019-11878", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-05-10T15:29:02.667", "references": [{"url": "http://blog.0x42424242.in/2019/04/besder-investigative-journey-part-1_24.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.youtube.com/watch?v=SnyPJtDDMFQ", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. This then crashes the camera for about 120 seconds."}, {"lang": "es", "value": "Fue encontrado un problema en las c\u00e1maras XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200. Un atacante sobre la misma red local que la c\u00e1mara puede crear un mensaje con un campo de tama\u00f1o mayor que 0x80000000 y enviarlo hacia la c\u00e1mara, relacionado con un desbordamiento de enteros o el uso de n\u00famero negativo. Esto entonces, bloquea la c\u00e1mara durante unos 120 segundos."}], "lastModified": "2019-05-13T14:06:45.330", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xiongmaitech:besder_ip20h1_firmware:4.02.r12.00035520.12012.047500.00200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A81CFA32-6061-4D18-8A80-C628EA876E41"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xiongmaitech:besder_ip20h1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "96887E84-262F-469F-AB65-960E039A78D4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}