CVE-2015-2097
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
Affected products
n/a · n/a

Public PoCs found: 7
cve_reference: packetstormsecurity.com/files/131072/WebGate-eDVR-Manager-Stack-Buffer-Overflow.html (unverified)
cve_reference: www.exploit-db.com/exploits/36505/ (unverified)
cve_reference: www.exploit-db.com/exploits/36602/ (unverified)
cve_reference: www.exploit-db.com/exploits/36607/ (unverified)
exploitdb: www.exploit-db.com/exploits/36505 (unverified)
exploitdb: www.exploit-db.com/exploits/36607 (unverified)
exploitdb: www.exploit-db.com/exploits/36602 (unverified)

⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/131072/WebGate-eDVR-Manager-Stack-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2015/Feb/90
https://www.exploit-db.com/exploits/36505/
https://www.exploit-db.com/exploits/36602/
https://www.exploit-db.com/exploits/36607/
http://www.osvdb.org/118893
http://www.osvdb.org/118896
http://www.osvdb.org/118902
http://www.securityfocus.com/bid/72835
http://www.zerodayinitiative.com/advisories/ZDI-15-059/
http://www.zerodayinitiative.com/advisories/ZDI-15-062/
http://www.zerodayinitiative.com/advisories/ZDI-15-068/