{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25283", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-26T13:06:27.849Z", "datePublished": "2026-04-26T13:19:14.933Z", "dateUpdated": "2026-04-27T20:08:13.168Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-26T13:19:14.933Z"}, "datePublic": "2018-09-07T00:00:00.000Z", "title": "iSmartViewPro 1.5 Buffer Overflow via SavePath Parameter", "descriptions": [{"lang": "en", "value": "iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to overwrite SEH records and execute shellcode with application privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "cweId": "CWE-120", "type": "CWE"}]}], "affected": [{"vendor": "Securimport", "product": "iSmartViewPro", "versions": [{"version": "1.5", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/45349", "name": "ExploitDB-45349", "tags": ["exploit"]}, {"url": "https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: iSmartViewPro 1.5 Buffer Overflow via SavePath Parameter", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/ismartviewpro-buffer-overflow-via-savepath-parameter"}], "credits": [{"lang": "en", "value": "Gionathan \"John\" Reale", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T20:08:03.081931Z", "id": "CVE-2018-25283", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T20:08:13.168Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "iSmartViewPro 1.5 Buffer Overflow via SavePath Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Gionathan \"John\" Reale"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Securimport", "product": "iSmartViewPro", "versions": [{"status": "affected", "version": "1.5"}]}], "datePublic": "2018-09-07T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/45349", "name": "ExploitDB-45349", "tags": ["exploit"]}, {"url": "https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/ismartviewpro-buffer-overflow-via-savepath-parameter", "name": "VulnCheck Advisory: iSmartViewPro 1.5 Buffer Overflow via SavePath Parameter", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to overwrite SEH records and execute shellcode with application privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-26T13:19:14.933Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25283", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-27T20:08:03.081931Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-27T20:08:08.159Z"}}]}, "cveMetadata": {"cveId": "CVE-2018-25283", "state": "PUBLISHED", "dateUpdated": "2026-04-26T13:19:14.933Z", "dateReserved": "2026-04-26T13:06:27.849Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-26T13:19:14.933Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to overwrite SEH records and execute shellcode with application privileges."}], "id": "CVE-2018-25283", "lastModified": "2026-04-27T18:55:32.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-26T22:17:29.150", "references": [{"source": "disclosure@vulncheck.com", "url": "https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/45349"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/ismartviewpro-buffer-overflow-via-savepath-parameter"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.5"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "iSmartViewPro", "source": "cna", "vendor": "Securimport"}, "product": "ismartviewpro", "vendor": "securimport"}], "analysis": {"en": {"generated_at": "2026-04-28T05:13:16.309686+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011supplied security patch or upgrade to a fixed version of iSmartViewPro.", "Restrict access to the System Setup interface to trusted administrators only, and disable or block the 'Save Path for Snapshot and Record file' field if a patch is not available.", "If the feature cannot be disabled, enforce strict input validation and size limits on the Save Path field to prevent buffer overflow."], "summary": {"action": "Immediate Patch", "impact": "Local Arbitrary Code Execution"}, "threat_synthesis": {"affected_systems": "Securimport iSmartViewPro 1.5 is the only product explicitly listed as affected. No other versions are mentioned in the available data, so the scope is limited to that installation.", "description_and_impact": "The flaw is a structured exception handling (SEH) buffer overflow located in the 'Save Path for Snapshot and Record file' field of iSmartViewPro version 1.5. By providing a payload exceeding 260 bytes through the System Setup interface, a local attacker can overwrite SEH records and execute arbitrary shellcode with the privileges of the application. This vulnerability is a classic example of CWE\u2011120 and allows attackers to run code with the application\u2019s rights, potentially compromising the host and any services the application controls.", "risk_and_exploitability": "The CVSS score of 8.6 indicates a high severity risk, while the EPSS score of less than 1 percent suggests a low current likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, meaning widespread, documented exploitation has not yet been observed. The attack requires local access to the System Setup interface, typically through an administrator account; thus, it is a local privilege escalation risk. If exploited, the attacker gains application\u2011level execution, which can lead to full system compromise."}}}}, "created": "2026-04-27T19:52:15.903319+00:00", "updated": "2026-04-28T05:15:22.951699+00:00", "vendors": ["securimport", "securimport$PRODUCT$ismartviewpro"]}