PatchSiren cyber security CVE debrief
CVE-2024-51348 BS Producten CVE debrief
A stack-based buffer overflow vulnerability exists in the P2P API service of BS Producten Petcam devices running firmware version 33.1.0.0818. The flaw allows unauthenticated attackers within network range to achieve remote code execution by sending a specially crafted HTTP request that overwrites the instruction pointer. The vulnerability carries a CVSS 3.1 score of 8.8 (High severity) with an attack vector of adjacent network, low attack complexity, no privileges required, and no user interaction needed. The weakness is classified as CWE-121: Stack-based Buffer Overflow. The CVE record was published on March 25, 2026 and last modified on May 19, 2026. The vulnerability status in NVD is currently marked as Deferred. No known exploitation in ransomware campaigns has been documented, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: BS Producten
- Product: Petcam
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-25
- Original CVE updated: 2026-05-19
- Advisory published: 2026-03-25
- Advisory updated: 2026-05-19
Who should care
Organizations deploying BS Producten Petcam devices for surveillance or monitoring purposes; network administrators managing IoT device fleets; security teams responsible for embedded device security; and individuals using affected pet camera products in home or small business environments.
Technical summary
The vulnerability resides in the P2P API service implementation within firmware 33.1.0.0818 of BS Producten Petcam devices. Insufficient input validation on HTTP request handling permits stack memory corruption, enabling attackers to overwrite the instruction pointer and redirect execution flow. The attack requires network adjacency but no authentication, making it exploitable by any actor with local network access to the device. Successful exploitation yields complete compromise of device integrity, confidentiality, and availability.
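The length check whose absence the summary describes, as an added example that is not BS Producten firmware code or part of the CVE record: a request-target parser that measures a query value before copying it into a fixed stack buffer. The `/p2p/api` path, the `id` parameter, the 32-byte buffer and the function names are assumptions, since the page does not say which request field overflows.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_MAX 32 /* assumed size of the handler's stack buffer */

enum parse_status { PARSE_OK, PARSE_MISSING, PARSE_TOO_LONG, PARSE_BAD_ARGS };

/* Copy the value of query parameter `key` from an HTTP request target into
 * `out`. The value is measured first and rejected if it does not fit,
 * terminator included, so nothing is written past out[out_len - 1]. */
enum parse_status get_query_param(const char *target, const char *key,
                                  char *out, size_t out_len)
{
    if (!target || !key || !out || out_len == 0)
        return PARSE_BAD_ARGS;
    out[0] = '\0';
    size_t klen = strlen(key);
    const char *p = strchr(target, '?');
    while (p) {
        p++; /* step over '?' or '&' */
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *val = p + klen + 1;
            size_t vlen = strcspn(val, "&# "); /* value ends at a delimiter */
            if (vlen >= out_len)
                return PARSE_TOO_LONG; /* reject, never truncate silently */
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return PARSE_OK;
        }
        p = strchr(p, '&');
    }
    return PARSE_MISSING;
}

/* Hypothetical handler; returns the HTTP status it would send.
 * The CWE-121 pattern is the same code with strcpy(device_id, val):
 * the copy length then comes from the request, not from sizeof device_id. */
int handle_request(const char *target)
{
    char device_id[FIELD_MAX];
    enum parse_status st =
        get_query_param(target, "id", device_id, sizeof device_id);
    if (st == PARSE_TOO_LONG)
        return 414; /* URI Too Long */
    if (st != PARSE_OK)
        return 400; /* Bad Request */
    return 200;
}
```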
Defensive priority
HIGH
Recommended defensive actions
- Segment IoT camera networks from critical infrastructure and restrict network access to authorized devices only
- Monitor for anomalous HTTP traffic targeting P2P API endpoints on affected Petcam devices
- Apply firmware updates from BS Producten when available, or consider discontinuing use of firmware 33.1.0.0818
- Implement network-level intrusion detection to identify potential exploitation attempts against embedded device services
- Review and disable unnecessary P2P functionality if not required for operational use
Evidence notes
Vulnerability description and CVSS metrics sourced from official CVE record and NVD entry. Technical details of the buffer overflow mechanism and affected firmware version derived from researcher documentation. Vendor identification remains uncertain per source metadata.
Official resources
2026-03-25T14:16:29.210Z