CVE-2014-1201

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1220%

EPSS Percentile9.51th

Published2014年1月15日

Last Modified2026年4月29日

Vulnerability Description

Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.

Affected Platforms (CPE)

📦

Lorex Technology

Edge Lh310 Firmware

= 7-35-28-1b26e

🔌

Lorextechnology

Edge

= lh310

📦

Lorex Technology

Edge3 Lh340 Firmware

= 11.19.85_1fe3a

🔌

Lorextechnology

Edge3

= lh340

📦

Lorex Technology

Edge2 Lh330 Firmware

= 11.17.38-33_1d97a

🔌

Lorextechnology

Edge2

= lh330

📦

Lorex Technology

Edge\+ Lh320 Firmware

= 7-35-28-1b26e

🔌

Lorextechnology

Edge\+

= lh320

References & Advisories

🔗 http://osvdb.org/101903

🔗 http://www.securityfocus.com/archive/1/530739/100/0/threaded

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/90223

🔗 https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt

🔗 https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html

🔗 http://osvdb.org/101903

🔗 http://www.securityfocus.com/archive/1/530739/100/0/threaded

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/90223

Vulnerability Description

Affected Platforms (CPE)

Edge Lh310 Firmware

Edge

Edge3 Lh340 Firmware

Edge3

Edge2 Lh330 Firmware

Edge2

Edge\+ Lh320 Firmware

Edge\+

References & Advisories

相关漏洞威胁