Sricam DeviceViewer Local Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A local buffer overflow vulnerability has been identified in Sricam DeviceViewer version 3.12.0.1. The flaw is in the 'add user' function of User Management: an over-long value supplied in the Username field overflows a fixed-size stack buffer, giving the attacker control of the function's return address. Because the process runs with Data Execution Prevention (DEP), the overflow cannot execute injected shellcode directly; instead the overwritten return address is steered through a return-oriented programming (ROP) chain built from gadgets already present in the loaded modules, which bypasses DEP and executes attacker-chosen commands. Exploitation requires local access and a valid login to the application.
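The following is an added illustration of the bug class described above and is not Sricam's source code: a user-creation routine that copies the Username field into a fixed stack buffer with no length check, next to a hardened version that bounds and validates the input before copying. The buffer size (USERNAME_MAX), the struct layout and all function names are assumptions made for the example.

```c
/* Added example: the stack-overflow pattern behind the advisory and a hardened
 * replacement. Illustrative code, not Sricam DeviceViewer's; USERNAME_MAX, the
 * struct and the function names are assumptions. */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define USERNAME_MAX 32            /* assumed size of the stack buffer */

struct user_record {
    char name[USERNAME_MAX];
    int  is_admin;
};

/* Vulnerable pattern: unbounded copy of a form field into a fixed-size stack
 * buffer. A username of USERNAME_MAX bytes or more overwrites whatever sits
 * above buf on the stack, eventually the saved return address. With DEP the
 * injected bytes cannot run as shellcode, so the overwritten return address
 * is pointed at existing code instead (a ROP chain), which is the DEP bypass
 * the advisory describes. Never call this with untrusted input. */
int add_user_vulnerable(const char *username, struct user_record *out) {
    char buf[USERNAME_MAX];
    strcpy(buf, username);                 /* no length check: overflow */
    memcpy(out->name, buf, sizeof out->name);
    out->is_admin = 0;
    return 0;
}

/* Returns true when `username` is long enough to overflow buf above. */
bool would_overflow(const char *username) {
    return strlen(username) >= USERNAME_MAX;
}

/* Hardened: measure the input without reading past the limit, reject
 * anything that does not fit with its terminating NUL, restrict the
 * character set, and only then copy. Returns 0 on success, -1 on reject. */
int add_user_hardened(const char *username, struct user_record *out) {
    size_t n;
    for (n = 0; n < USERNAME_MAX && username[n] != '\0'; n++)
        ;
    if (n == 0 || n >= USERNAME_MAX)
        return -1;                         /* empty, or no NUL within the limit */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)username[i];
        if (!isalnum(c) && c != '_' && c != '-' && c != '.')
            return -1;                     /* reject control and non-ASCII bytes */
    }
    memset(out, 0, sizeof *out);
    memcpy(out->name, username, n);        /* n < USERNAME_MAX: NUL stays in place */
    out->is_admin = 0;
    return 0;
}

/* Convenience wrapper: does the hardened path accept this username? */
int hardened_accepts(const char *username) {
    struct user_record rec;
    return add_user_hardened(username, &rec);
}

int main(void) {
    char payload[200];                     /* constructed over-long "username" */
    memset(payload, 'A', sizeof payload - 1);
    payload[sizeof payload - 1] = '\0';

    printf("\"alice\" via hardened path: %d\n", hardened_accepts("alice"));
    printf("199 x 'A' would overflow the vulnerable buffer: %s\n",
           would_overflow(payload) ? "yes" : "no");
    printf("199 x 'A' via hardened path: %d\n", hardened_accepts(payload));
    return 0;
}
```

The length check is done before any copy and never reads beyond USERNAME_MAX bytes of the input, so a missing terminator cannot turn the check itself into an over-read; the character whitelist is a separate defence so that control bytes never reach the record even when the length is fine.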

Impact

Exploitation of this vulnerability allows arbitrary code execution on the affected system with the privileges of the DeviceViewer process. Since the attacker must already be local and logged in to the application, the practical impact is confined to what that process can reach.

Reproduction

To reproduce this vulnerability, log in to Sricam DeviceViewer 3.12.0.1 and navigate to 'System Configuration' -> 'User Management'. Paste the payload into the 'Username' field and click 'Add'. When the application processes the field, the ROP chain runs and a command shell appears.

Added: Feb 20, 2026, 11:33 PM
Updated: Feb 20, 2026, 11:33 PM

Vulnerability Rating

Custom Algorithm
  spread          0.0
  impact         10.0
  exploitability  3.6
  remediation     0.0
  relevance       3.2
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.