Description

Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.

INFO

Published Date :

Oct. 26, 2023, 10:15 p.m.

Last Modified :

Nov. 7, 2023, 5:13 p.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
Affected Products

The following products are affected by CVE-2018-17878 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Abus tvip_10000_firmware
2 Abus tvip_10001_firmware
3 Abus tvip_10005_firmware
4 Abus tvip_10005a_firmware
5 Abus tvip_10005b_firmware
6 Abus tvip_10050_firmware
7 Abus tvip_10051_firmware
8 Abus tvip_10055a_firmware
9 Abus tvip_10055b_firmware
10 Abus tvip_10500_firmware
11 Abus tvip_10550_firmware
12 Abus tvip_11000_firmware
13 Abus tvip_11050_firmware
14 Abus tvip_11500_firmware
15 Abus tvip_11501_firmware
16 Abus tvip_11502_firmware
17 Abus tvip_11550_firmware
18 Abus tvip_11551_firmware
19 Abus tvip_11552_firmware
20 Abus tvip_20000_firmware
21 Abus tvip_20050_firmware
22 Abus tvip_20500_firmware
23 Abus tvip_20550_firmware
24 Abus tvip_21000_firmware
25 Abus tvip_21050_firmware
26 Abus tvip_21500_firmware
27 Abus tvip_21501_firmware
28 Abus tvip_21502_firmware
29 Abus tvip_21550_firmware
30 Abus tvip_21551_firmware
31 Abus tvip_21552_firmware
32 Abus tvip_22500_firmware
33 Abus tvip_31000_firmware
34 Abus tvip_31001_firmware
35 Abus tvip_31050_firmware
36 Abus tvip_31500_firmware
37 Abus tvip_31501_firmware
38 Abus tvip_31550_firmware
39 Abus tvip_31551_firmware
40 Abus tvip_32500_firmware
41 Abus tvip_51500_firmware
42 Abus tvip_51550_firmware
43 Abus tvip_71500_firmware
44 Abus tvip_71501_firmware
45 Abus tvip_71550_firmware
46 Abus tvip_71551_firmware
47 Abus tvip_72500_firmware
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2018-17878.

URL Resource
https://sec.maride.cc/posts/abus/#cve-2018-17878 Exploit Third Party Advisory
https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2018-17878 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2018-17878 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://sec.maride.cc/posts/abus/#cve-2018-17878 No Types Assigned https://sec.maride.cc/posts/abus/#cve-2018-17878 Exploit, Third Party Advisory
    Changed Reference Type https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen No Types Assigned https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen Third Party Advisory
    Added CWE NIST CWE-120
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10005:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10005a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10005b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10050_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10050:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10051_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10051:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10055a_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10055a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10055b_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10055b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_10550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_10550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11000_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11050_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11050:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11501_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11501:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11502_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11502:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11551_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11551:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_11552_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_11552:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_20000_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_20000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_20050_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_20050:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_20500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_20500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_20550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_20550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21000_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21050_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21050:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21501_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21501:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21502_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21502:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21551_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21551:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_21552_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_21552:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_22500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_22500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_31000_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_31000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_31001_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_31001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_31050_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_31050:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_31500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_31500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_31501_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_31501:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_31550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_31550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_31551_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_31551:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_32500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_32500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_51500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_51500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_51550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_51550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_71500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_71500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_71501_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_71501:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_71550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_71550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_71551_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_71551:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:abus:tvip_72500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:abus:tvip_72500:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2018-17878 is associated with the following CWEs:

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.11 }} 0.01%

score

0.44939

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability