Lorex Technologies Edge Series Security DVR ActiveX Buffer Overflow

High Nessus Plugin ID 72264


The remote Windows host has one or more ActiveX controls installed that are affected by a buffer overflow vulnerability.


The remote Windows host has one or more versions of Lorex Technologies' INetViewX ActiveX control installed. The HTTP_PORT parameter in these controls is affected by a buffer overflow vulnerability that could allow an attacker to remotely execute arbitrary code if exploited.


There are currently no fixes available but as a workaround, set the kill bit on the affected ActiveX controls.

See Also


Plugin Details

Severity: High

ID: 72264

File Name: lorex_edge_activex_bof_cve-2014-1201.nasl

Version: $Revision: 1.5 $

Type: local

Agent: windows

Family: Windows

Published: 2014/02/03

Modified: 2018/01/31

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:TF/RC:ND

Vulnerability Information

CPE: cpe:/a:lorex_technology:edge%2b_lh320_firmware, cpe:/a:lorex_technology:edge2_lh330_firmware, cpe:/a:lorex_technology:edge3_lh340_firmware, cpe:/a:lorex_technology:edge_lh310_firmware

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2014/01/09

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2014-1201

BID: 64783

OSVDB: 101903