CVE-2024-7441

8.8 HIGH

📋 TL;DR

This critical vulnerability in Vivotek SD9364 VVTK-0103f allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the HTTP daemon's Content-Length parameter handling. It affects users of this specific Vivotek camera model that is no longer supported by the vendor. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:
  • Vivotek SD9364 VVTK-0103f
Versions: All versions (product is end-of-life)
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects this specific Vivotek camera model. Vendor has confirmed the affected release tree is end-of-life with no official support.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, lateral movement to other network systems, and persistent backdoor installation.

🟠 Likely Case

Device takeover for botnet enrollment, data exfiltration, or disabling of security camera functionality.

🟢 If Mitigated

Limited impact if devices are isolated in separate VLANs with strict network segmentation and egress filtering.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit has been publicly disclosed and may be used. The vulnerability is in the HTTP daemon which is typically exposed for remote management.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch available as product is end-of-life. Consider workarounds or replacement.

🔧 Temporary Workarounds

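Network Segmentation
Platform: all

Isolate affected cameras in a separate VLAN with strict firewall rules.

HTTP Access Restriction
Platform: linux

Block external HTTP access to the camera management interface.

# INPUT matches traffic addressed to the host these rules run on; on an upstream
# Linux gateway, traffic routed to the camera is filtered in the FORWARD chain instead.
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP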

🧯 If You Can't Patch

  • Immediately remove affected devices from internet-facing networks
  • Replace with supported hardware as this product is end-of-life

🔍 How to Verify

Check if Vulnerable:

Check device model via web interface or serial number. If it's Vivotek SD9364 VVTK-0103f, it is vulnerable.

Check Version:

Check device web interface at http://[IP]/ or via serial/model number on device label

Verify Fix Applied:

No fix available to verify. Workarounds can be verified by testing network connectivity restrictions.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests with malformed Content-Length headers
  • Multiple failed authentication attempts followed by buffer overflow patterns

Network Indicators:

  • HTTP traffic to camera ports with abnormal Content-Length values
  • Sudden outbound connections from camera to unknown IPs

SIEM Query:

source_ip="camera_ip" AND (http_content_length>100000 OR http_request_uri CONTAINS "/cgi-bin/")
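
The Content-Length indicators above, written as a checker over raw HTTP request headers. This is an added example, not code from the vendor or from the original page. The 100000 threshold comes from the SIEM query; the 10-digit cap, the function names and the sample requests are assumptions constructed for illustration.

```python
import re

# Threshold taken from the page's SIEM query (http_content_length>100000).
MAX_CONTENT_LENGTH = 100000
# Assumption: a legitimate value is a short run of ASCII digits (RFC 9110: 1*DIGIT).
MAX_DIGITS = 10
_DIGITS = re.compile(rb"[0-9]+")


def content_length_findings(raw_request: bytes) -> list[str]:
    """Return reasons a request's Content-Length looks abnormal (empty list = clean)."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    values = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            values.append(value.strip())
    findings = []
    if len(set(values)) > 1:
        findings.append("conflicting Content-Length headers")
    for v in values:
        if not _DIGITS.fullmatch(v):
            findings.append("non-numeric Content-Length")
        elif len(v) > MAX_DIGITS:
            findings.append("overlong Content-Length value")
        elif int(v) > MAX_CONTENT_LENGTH:
            findings.append("Content-Length above threshold")
    return findings


def flag_requests(events, camera_ips):
    """events: iterable of (dst_ip, raw_request); report abnormal requests sent to cameras."""
    checked = ((ip, content_length_findings(raw)) for ip, raw in events if ip in camera_ips)
    return [(ip, reasons) for ip, reasons in checked if reasons]


# Constructed sample data (not captured traffic); 192.0.2.0/24 is a documentation range.
SAMPLE_EVENTS = [
    ("192.0.2.10", b"POST / HTTP/1.1\r\nHost: cam\r\nContent-Length: 12\r\n\r\nhello=world!"),
    ("192.0.2.10", b"POST / HTTP/1.1\r\nHost: cam\r\nContent-Length: 99999999\r\n\r\n"),
    ("192.0.2.10", b"POST / HTTP/1.1\r\nHost: cam\r\nContent-Length: -1\r\n\r\n"),
    ("192.0.2.99", b"POST / HTTP/1.1\r\nHost: other\r\nContent-Length: 99999999\r\n\r\n"),
]

if __name__ == "__main__":
    for ip, reasons in flag_requests(SAMPLE_EVENTS, {"192.0.2.10"}):
        print(ip, reasons)
```

The checker needs request headers as seen on the wire, for example from a reverse proxy or a network sensor in front of the camera VLAN.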
