CVE-2017-10723
CVE-2017-10723 is a high-severity vulnerability in Ishekar Endoscope Camera Firmware with a CVSS 3.x base score of 8.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-119.
Key facts
- Severity: High (CVSS 3.x base score 8.8)
- CVSS v2: 6.5
- EPSS exploit prediction: 3% (83rd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-119
- Affected product: Ishekar Endoscope Camera Firmware
- Published:
- Last modified:
Description
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries. The firmware contains binary uvc_stream that is the UDP daemon which is responsible for handling all the UDP requests that the device receives. The client application sends a UDP request to change the Wi-Fi name which contains the following format: "SETCMD0001+0001+[2 byte length of wifiname]+[Wifiname]. This request is handled by "control_Dev_thread" function which at address "0x00409AE0" compares the incoming request and determines if the 10th byte is 01 and if it is then it redirects to 0x0040A74C which calls the function "setwifiname". The function "setwifiname" uses a memcpy function but uses the length of the payload obtained by using strlen function as the third parameter which is the number of bytes to copy and this allows an attacker to overflow the function and control the $PC value.
Frequently asked questions
- What is CVE-2017-10723?
- Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries. The firmware contains binary uvc_stream that is the UDP daemon which is responsible for handling all the UDP requests that the device receives. The client application sends a UDP request to change the Wi-Fi name which contains the following format: "SETCMD0001+0001+[2 byte length of wifiname]+[Wifiname]. This request is handled by "control_Dev_thread" function which at address "0x00409AE0" compares the incoming request and determines if the 10th byte is 01 and if it is then it redirects to 0x0040A74C which calls the function "setwifiname". The function "setwifiname" uses a memcpy function but uses the length of the payload obtained by using strlen function as the third parameter which is the number of bytes to copy and this allows an attacker to overflow the function and control the $PC value.
- How severe is CVE-2017-10723?
- CVE-2017-10723 has a CVSS 3.x base score of 8.8, rated high severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2017-10723 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (83rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2017-10723?
- CVE-2017-10723 affects Ishekar Endoscope Camera Firmware. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2017-10723?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2017-10723 published?
- CVE-2017-10723 was published on 2019-06-17 and last updated on 2026-06-17.
References
- http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html
- https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf
- https://seclists.org/bugtraq/2019/Jun/8
Affected products (1)
- cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Ishekar Endoscope Camera Firmware
- CVE-2017-10724 — High (CVSS 8.8): Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope…
- CVE-2017-10722 — High (CVSS 7.8): Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope…
- CVE-2017-10720 — High (CVSS 7.8): Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope…
- CVE-2017-10721 — Medium (CVSS 6.5): Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope…
- CVE-2017-10719 — Medium (CVSS 6.5): Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope…
- CVE-2017-10718 — Medium (CVSS 6.5): Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope…
All CVEs affecting Ishekar Endoscope Camera Firmware →
Other CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) vulnerabilities
- CVE-2026-2778 — Critical (CVSS 10.0): Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in…
- CVE-2026-2776 — Critical (CVSS 10.0): Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability…
- CVE-2025-1866 — Critical (CVSS 10.0): Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows…
- CVE-2022-27625 — Critical (CVSS 10.0): A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the…
- CVE-2022-27624 — Critical (CVSS 10.0): A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the…
- CVE-2020-11896 — Critical (CVSS 10.0): The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.