← back
CVE-2018-7756

CVE-2018-7756

EPSS 62.5%
RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a "SETFIREWALL Off" command.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/44275/unverifiedexploitdbwww.exploit-db.com/exploits/44275unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txthttps://www.exploit-db.com/exploits/44275/