The specific flaw exists within BwPAlarm.dll, which is accessed through the 70603 IOCTL in the webvrpcs process. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer.
CVE Link
Exploit Platform
Product Name