CVE-2024-51348
Published: 25 March 2026
Description
A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution (RCE) by sending a specially crafted HTTP request.
Mitigating Controls (NIST 800-53 r5) [AI-generated]
- Remediates the specific stack-based buffer overflow in the P2P API service of firmware 33.1.0.0818 to eliminate the RCE vulnerability.
- Implements memory protections such as stack canaries and non-executable stacks to block instruction pointer overwrite from buffer overflow exploits.
- Validates incoming HTTP requests to the P2P API service for proper length and format to prevent triggering the stack-based buffer overflow.
Security Summary [AI-generated]
CVE-2024-51348 is a stack-based buffer overflow vulnerability (CWE-121) in the P2P API service of BS Producten Petcam devices running firmware version 33.1.0.0818. The flaw enables unauthenticated attackers within network range to overwrite the instruction pointer, leading to remote code execution (RCE) through a specially crafted HTTP request. It has a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise.
Attackers can exploit this vulnerability without authentication or user interaction, provided they are adjacent on the local network (AV:A). By sending a malicious HTTP request to the P2P API service, they can trigger the buffer overflow, overwrite critical memory including the instruction pointer, and execute arbitrary code on the device. This grants high-impact control over confidentiality, integrity, and availability, potentially allowing full device takeover, data exfiltration, or use as a pivot for further network attacks.
Detailed research and technical analysis, including proof-of-concept details, are available in the security research repository at https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2024-51348.md and the associated README at https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/README.md. No vendor patches or official mitigation guidance are specified in the available information.
Details
- CWE(s): CWE-121 (Stack-based Buffer Overflow)
MITRE ATT&CK Enterprise Techniques [AI-generated]
Why these techniques?
Stack-based buffer overflow in the unauthenticated P2P API service (exposed via HTTP) enables adjacent network attackers to achieve remote code execution, directly facilitating T1190: Exploit Public-Facing Application.