CVE-2024-51348
Description
A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution (RCE) by sending a specially crafted HTTP request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in BS Producten Petcam P2P API allows unauthenticated RCE via crafted HTTP request within network range.
Vulnerability
A stack-based buffer overflow vulnerability exists in the P2P API service (port 8001) of BS Producten Petcam firmware 33.1.0.0818. The service parses HTTP URI resources and concatenates them with "./html/" into a 260-byte stack buffer without length validation. An overly long resource name triggers a buffer overflow, allowing overwrite of the instruction pointer [1].
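The flawed pattern above, and the bounded form that would have prevented it, as an added example: this is a reconstruction written for this page, not the Petcam firmware's code, and the names build_path_unsafe, build_path_safe, probe_resource_len and the 4096-byte probe cap are assumptions. The 260-byte buffer and the "./html/" prefix are taken from the advisory; the probe input (a run of 'A' bytes) is constructed here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Reconstruction of the pattern the advisory describes (not the vendor's
 * code): the requested URI resource is appended to "./html/" in a 260-byte
 * stack buffer with no length check. */
#define HTML_ROOT    "./html/"
#define PATH_BUF     260
#define MAX_RESOURCE 4096   /* assumed cap for the probe helper below */

/* Vulnerable form. Only ever called here with a name that fits: running it
 * with a longer name writes past `out`, which is undefined behaviour and is
 * exactly the bug (return address overwrite on a binary without canaries). */
static void build_path_unsafe(char out[PATH_BUF], const char *resource)
{
    strcpy(out, HTML_ROOT);
    strcat(out, resource);   /* no bound: a long `resource` smashes the stack */
}

/* Bytes needed for HTML_ROOT + resource + terminating NUL. */
size_t path_len_needed(const char *resource)
{
    return strlen(HTML_ROOT) + strlen(resource) + 1;
}

/* True when the flawed handler would write past its PATH_BUF-byte buffer. */
bool would_overflow(const char *resource)
{
    return path_len_needed(resource) > PATH_BUF;
}

/* Shortest resource name that overruns the buffer: with PATH_BUF minus the
 * prefix length, the NUL terminator lands one byte past the end. */
size_t min_overflowing_resource_len(void)
{
    return PATH_BUF - strlen(HTML_ROOT);
}

/* Hardened form: check the full length up front and refuse anything that
 * does not fit, rather than truncating silently. Returns 0 on success,
 * -1 when the name is too long for `outsz`. */
int build_path_safe(char *out, size_t outsz, const char *resource)
{
    size_t need = path_len_needed(resource);
    if (need > outsz)
        return -1;
    memcpy(out, HTML_ROOT, strlen(HTML_ROOT));
    memcpy(out + strlen(HTML_ROOT), resource, strlen(resource) + 1);
    return 0;
}

/* Probe: a constructed resource name of n 'A' bytes, run through the safe
 * builder with a PATH_BUF-byte destination; returns the builder's result. */
int probe_resource_len(size_t n)
{
    char resource[MAX_RESOURCE + 1];
    char path[PATH_BUF];
    if (n > MAX_RESOURCE)
        n = MAX_RESOURCE;
    memset(resource, 'A', n);
    resource[n] = '\0';
    return build_path_safe(path, sizeof path, resource);
}

int main(void)
{
    char path[PATH_BUF];
    build_path_unsafe(path, "index.html");   /* fits: 7 + 10 + 1 = 18 bytes */
    printf("unsafe builder, short name: %s\n", path);

    size_t edge = min_overflowing_resource_len();
    printf("shortest overflowing name: %zu bytes (needs %zu > %d)\n",
           edge, edge + strlen(HTML_ROOT) + 1, PATH_BUF);
    printf("safe builder, %zu-byte name: %d\n", edge - 1, probe_resource_len(edge - 1));
    printf("safe builder, %zu-byte name: %d\n", edge, probe_resource_len(edge));
    return 0;
}
```

The length arithmetic is the whole point: with a 7-byte prefix, any resource name of 253 bytes or more already pushes the terminator past the 260-byte buffer, and the unsafe strcat keeps writing for as long as the name is, so the attacker controls how far past the frame the overwrite reaches.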
Exploitation
An unauthenticated attacker within network range can exploit this by sending a specially crafted HTTP request to port 8001. The device broadcasts an unauthenticated "local mode" wireless network by default, which further lowers the barrier to exploitation [2]. The binary lacks modern mitigations such as stack canaries or ASLR, so the overwritten return address is directly usable [1].
Impact
Successful exploitation allows remote code execution with root privileges, granting full control over the device. Additionally, the device contains hardcoded credentials (root:cxlinux, admin:12345678) and an unauthenticated RTSP stream, compounding the risk [2].
Mitigation
As of firmware version 33.1.0.0818, no official patch has been released. Users should isolate the device from untrusted networks and consider disabling local mode if possible [1][2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- BS Producten / Petcam
- Range: = 33.1.0.0818
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.