cbcvebase.
CVE-2012-1830
published 2012-07-05

CVE-2012-1830: Stack-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555.

Priority: P263, critical, 10 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 7.65% (93.8th percentile)

Affected

6 ranges

Vendor | Product | Version range | Fixed in
wellintech | kingview | <= 6.53 |
wellintech | kingview | |
wellintech | kingview | |
wellintech | kingview | |
wellintech | kingview | |
wellintech | kingview | |

Detection & IOCs (extracted from sources)

port: 555/TCP
command: exploit = ("\x90"*1024) + ("A"*23976) + ("B"*12500) + ("D"*6250) + ("E"*6002) + ("\x44\x43\x42\x41") + ("\x90"*256)
bytes: \x44\x43\x42\x41
  • Monitor for large TCP connections to port 555 targeting KingView; the exploit sends a payload of ~50,000+ bytes including a leading NOP sled (\x90*1024) followed by large repeated-byte blocks, characteristic of a stack-based buffer overflow attempt.
  • EIP overwrite value 0x41424344 ('ABCD') observed in crash analysis; network payloads containing this byte sequence (\x44\x43\x42\x41 in little-endian) sent to TCP/555 are indicative of exploit attempts against KingView 6.53.
  • KingView acts as a Login Server on TCP/555 only when configured as 'Local is a Login Server' under network parameters; detection should focus on this port being open/reachable on KingView hosts.
  • TCP port 555 is only exposed when KingView is explicitly configured as a Login Server ('Local is a Login Server' node type). The attack surface is conditional on this configuration being active.
  • The exploit was tested on Windows SP1; behavior on other Windows versions may differ. Detection rules should account for the specific OS environment of deployed KingView 6.53 instances.
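
The indicators in the bullets above, combined into one check over a reassembled client-to-server stream. This is an added example, not code from the advisory or its sources; the run-length threshold, the two-indicator alert rule and all function names are assumptions, and both sample payloads are constructed.

```python
from itertools import groupby

KINGVIEW_PORT = 555             # page: KingView Login Server listener
SIZE_THRESHOLD = 50_000         # page: payload of ~50,000+ bytes
NOP_SLED_MIN = 1024             # page: leading \x90 * 1024
RUN_MIN = 4096                  # assumption: shortest repeated-byte run worth flagging
POC_EIP = b"\x44\x43\x42\x41"   # page: 0x41424344 as sent on the wire


def byte_runs(payload, min_len=RUN_MIN):
    """Return (byte_value, length) for every run of one repeated byte >= min_len."""
    runs = []
    for value, group in groupby(payload):
        length = sum(1 for _ in group)
        if length >= min_len:
            runs.append((value, length))
    return runs


def indicators(dst_port, payload):
    """List the page's indicators present in one client-to-server stream."""
    if dst_port != KINGVIEW_PORT:
        return []
    hits = []
    if len(payload) >= SIZE_THRESHOLD:
        hits.append("oversized")
    if payload.startswith(b"\x90" * NOP_SLED_MIN):
        hits.append("leading_nop_sled")
    if len(byte_runs(payload)) >= 2:
        hits.append("repeated_byte_blocks")
    if POC_EIP in payload:
        # Only the PoC's placeholder value; a changed return address drops this hit.
        hits.append("poc_eip_marker")
    return hits


def is_suspicious(dst_port, payload, min_hits=2):
    """Assumed alert rule: at least min_hits independent indicators."""
    return len(indicators(dst_port, payload)) >= min_hits


# Constructed samples: filler laid out like the block sizes quoted on the page,
# and a short benign-looking message (its content is hypothetical).
POC_SHAPED = (b"\x90" * 1024 + b"A" * 23976 + b"B" * 12500 + b"D" * 6250
              + b"E" * 6002 + POC_EIP + b"\x90" * 256)
BENIGN = b"login request from operator station\r\n"

if __name__ == "__main__":
    for name, data in (("poc-shaped", POC_SHAPED), ("benign", BENIGN)):
        print(name, len(data), indicators(KINGVIEW_PORT, data))
```

Because the size, sled and repeated-block indicators do not depend on the placeholder return address, a stream with a different overwrite value still trips the rule.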