Vulnerability Details CVE-2014-8756
The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.4%
CVSS Severity
CVSS v2 Score 6.8
References
- http://panasonic.net/pcc/cgi-bin/products/netwkcam/download_us/tbookmarka_m.cgi?m=%20&mm=2010073014092324
- http://www.zerodayinitiative.com/advisories/ZDI-14-363/
- http://panasonic.net/pcc/cgi-bin/products/netwkcam/download_us/tbookmarka_m.cgi?m=%20&mm=2010073014092324
- http://www.zerodayinitiative.com/advisories/ZDI-14-363/
Products affected by CVE-2014-8756
-
cpe:2.3:h:panasonic:network_camera_recorder:-
-
cpe:2.3:o:panasonic:network_camera_recorder_firmware:4.00r00
-
cpe:2.3:o:panasonic:network_camera_recorder_firmware:4.00r01
-
cpe:2.3:o:panasonic:network_camera_recorder_firmware:4.01r00
-
cpe:2.3:o:panasonic:network_camera_recorder_firmware:4.02r00
-
cpe:2.3:o:panasonic:network_camera_recorder_firmware:4.03r00
-
cpe:2.3:o:panasonic:network_camera_recorder_firmware:4.04
-
cpe:2.3:o:panasonic:network_camera_recorder_firmware:4.04r00
-
cpe:2.3:o:panasonic:network_camera_recorder_firmware:4.04r02