CVE-2008-5674

{"id": "CVE-2008-5674", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 9.2, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-12-19T01:52:02.670", "references": [{"url": "http://aluigi.altervista.org/adv/webcamxp-adv.txt", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/42929", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29007", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/4788", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/42927", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/42928", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/488364/100/200/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27875", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component."}, {"lang": "es", "value": "M\u00faltiples errores de \u00edndice de array en el servidor HTTP en Darkwet Network webcamXP v3.72.440.0 y anteriores y beta v4.05.280 y anteriores que permitir\u00eda a atacantes remotos producir una denegaci\u00f3n de servicio (ca\u00edda del dispositivo) y leer fragmentos de memoria a trav\u00e9s de (1)un par\u00e1metro invalido \"camnum\" al componente pocketpc y (2) un par\u00e1metro \"id\" invalido al componente show_gallery_pic."}], "lastModified": "2018-10-11T20:56:23.943", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:darkwet:webcam_xp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15872E1F-C1B4-49EC-AE30-8DC2147B1BDC", "versionEndIncluding": "3.72.440.0"}, {"criteria": "cpe:2.3:a:darkwet:webcam_xp:1.02.432:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8DA647F-F355-49CF-8D98-C2877A683234"}, {"criteria": "cpe:2.3:a:darkwet:webcam_xp:1.02.535:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFDFC029-4448-4CE7-B6A3-299D1E9E0DA9"}, {"criteria": "cpe:2.3:a:darkwet:webcam_xp:1.6.945:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C89E7E91-1FBD-4980-B3E1-8EB8D9E76571"}, {"criteria": "cpe:2.3:a:darkwet:webcam_xp:2.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34AD5B8C-0F46-45A1-999A-7C0864D7904C"}, {"criteria": "cpe:2.3:a:darkwet:webcam_xp:3.72:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78C08C2B-58E0-4C28-9EF3-2624CC5A1716"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}