cbcvebase.
CVE-2014-1201
published 2014-01-15

CVE-2014-1201: Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware…

PriorityP261critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
29.46%
97.9th percentile
Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.

Affected

8 ranges
VendorProductVersion rangeFixed in
lorex_technologyedge2_lh330_firmware
lorex_technologyedge3_lh340_firmware
lorex_technologyedge_+_lh320_firmware
lorex_technologyedge_lh310_firmware
lorextechnologyedge
lorextechnologyedge
lorextechnologyedge2
lorextechnologyedge3

Detection & IOCsextracted from sources · hover to see the quote

filenameINetViewProj1_02030330.cab
filenamelorex-testcase.html
urlhttps://raw.githubusercontent.com/pedrib/PoC/master/lorexActivex/lorex-testcase.html
processINetViewX (ActiveX control)
otherEIP=0x41414141 (HTTP_PORT parameter offset 109-113)
otherHash=0xe1e32303.0x6b2fc9c7
  • The buffer overflow is triggered via a long string (10000+ characters) in the HTTP_PORT parameter of the INetViewX ActiveX control, exploitable through Internet Explorer.
  • EIP control is achieved at byte offsets 109–113 of the HTTP_PORT parameter string; monitor for ActiveX instantiation of INetViewX with anomalously long HTTP_PORT values.
  • The vulnerable ActiveX control is delivered via INetViewProj1_02030330.cab; detect installation or loading of this CAB/ActiveX in browser environments.
  • Crash manifests in iexplore.exe via INetViewProj1!Inetviewimpl1Finalize; monitor for iexplore.exe crashes referencing this module.
  • Exploitability confirmed on Win XP SP3 IE6 and Win 7 x64 IE10; the !exploitable classification is EXPLOITABLE due to exception handler chain corruption.
  • Lorex DVRs exposing the web interface can be identified on Shodan; network defenders should block or monitor external access to Lorex EDGE series DVR web ports.
  • ·Affected firmware versions are explicitly enumerated; only devices running these exact firmware builds are confirmed vulnerable.
  • ·Exploitation reliability varies by OS/browser: fully exploitable on XP SP3 IE6 and Win7 x64 IE10, but could not be triggered on XP SP3 IE8.
  • ·All 16 products in the Lorex EDGE series are reported as vulnerable, not just the specific models listed in the NVD entry.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.