CVE-2019-25354
CVE-2019-25354
4.6
MediumPublished:
Last updated:
Source:disclosure@vulncheck.com
Deferred
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Local
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- Active
- Confidentiality (Vulnerable)
- None
- Integrity (Vulnerable)
- None
- Availability (Vulnerable)
- Low
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices.
References
disclosure@vulncheck.com
http://www.smarteyegroup.com/disclosure@vulncheck.com
https://apps.apple.com/mx/app/ismartviewpro/id834791071disclosure@vulncheck.com
https://www.exploit-db.com/exploits/47662disclosure@vulncheck.com
https://www.vulncheck.com/advisories/ismartviewpro-denial-of-service