Severity
High
Analysis Summary
CVE-2021-3156
The affected product calculates or uses an incorrect maximum or minimum value that is one more or one less than the correct value. This error can result in a heap-based buffer overflow, which allows privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character.
Impact
Privilege escalation
Affected Vendors
Exacq Technologies
Inc.
Affected Products
- Linux based Z-Series and A-Series
- Q-Series
- G-Series
- Legacy LC-Series
- Legacy ELP-Series
- exacqVision Network Video Recorders (NVR)
- Linux based C-Series Workstations
- S-Series Storage Servers
Remediation
Refer to vendor advisory for the complete list of affected products and their respective patches.