Key Information

Advisory Information

Title: MayGion IP Cameras multiple vulnerabilities
Advisory ID: CORE-2013-0322
Advisory URL: http://www.coresecurity.com/advisories/maygion-IP-cameras-multiple-vulnerabilities
Date published: 2013-05-28
Date of last update: 2013-05-28
Vendors contacted: MayGion
Release mode: Coordinated release

Vulnerability Information

Class: Path traversal (CWE-22), Buffer overflow (CWE-119)
Impact: Code execution, Security bypass
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2013-1604, CVE-2013-1605

Vulnerability Description

Multiple vulnerabilities were found in MayGion IP cameras:

1. CVE-2013-1604: A path traversal allows dumping the camera's memory and retrieving user credentials.
2. CVE-2013-1605: A buffer overflow allows execution of arbitrary code.

Vulnerable Packages

MayGion IP cameras based on firmware 2011.27.09 and below.

Report Timeline

2013-05-02: Core Security notifies MayGion of the vulnerabilities.
2013-05-03: Vendor notifies that vulnerabilities are fixed in the last firmware version.
2013-05-09: Core publishes the advisory.