← back
CVE-2015-2868

CVE-2015-2868

EPSS 6.8%
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.
Affected products
Trane · ComfortLink II SCC firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.securityfocus.com/bid/95118http://www.talosintelligence.com/reports/TALOS-2016-0027/