Skip to content
CVSS 8.4 · HIGH

CVE-2018-25283

iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to overwrite SEH records and execute shellcode with application privileges.

Ver en NVD

Análisis

iSmartViewPro is a niche IP camera viewing application not commonly used in software development or server infrastructure. The vulnerability is local and requires an attacker to have access to the configuration interface, which makes it less relevant for the community feed.

Severidad

Puntaje: 8.4(HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-120

EPSS

Probabilidad de explotación (próx. 30 días): 0.0002 (0.0%)
Percentil: 4.4%
EPSS: 2026-05-06

Descripción técnica

iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to overwrite SEH records and execute shellcode with application privileges.

Publicada: 26/4/2026, 22:17:29
Última modificación: 27/4/2026, 18:55:32

Referencias

InicioEventosBlogRecursosEquipo