CVE-2009-20009
Belkin Bulldog Plus Web Service Buffer Overflow
Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to properly validate the input length before copying it into a fixed-size buffer, resulting in memory corruption and potential remote code execution. Exploitation requires network access and does not require prior authentication.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Belkin International, Inc. · Bulldog Plus UPS Monitoring Softwarepublic PoCs found — 2
cve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/belkin_bulldog.rbunverifiedcve_referencewww.exploit-db.com/exploits/8173unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/belkin_bulldog.rbhttps://s3.belkin.com/support/dl/bulldogwindows.pdfhttps://www.exploit-db.com/exploits/8173https://www.fortiguard.com/encyclopedia/ips/17325/belkin-bulldog-plus-web-services-buffer-overflowhttps://www.vulncheck.com/advisories/belkin-bulldog-plus-web-service-buffer-overflow