A tale of a kiosk escape: “Sricam CMS” Stack Buffer Overflow
TL;DR: Shenzhen Sricctv Technology Sricam CMS (SricamPC.exe) <= v.1.0.0.53(4) and DeviceViewer (DeviceViewer.exe) <= v.3.10.12.0 (CVE-2019-11563) are affected by a local Stack Buffer Overflow. By creating a specially crafted “Username” and copying its value into the “User/mail” login field, an attacker will be able to gain arbitrary code execution in the context of the currently logged-in […]
The post A tale of a kiosk escape: “Sricam CMS” Stack Buffer Overflow appeared first on VoidSec.