CVE-2018-1000049
CVE-2018-1000049
Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 6
cve_referencepacketstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.htmlnão verificadocve_referencewww.exploit-db.com/exploits/44638/não verificadocve_referencewww.exploit-db.com/exploits/45044/não verificadoexploitdbwww.exploit-db.com/exploits/45044não verificadoexploitdbwww.exploit-db.com/exploits/44638não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.htmlhttps://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000049.jsonhttps://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Executionhttps://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/https://twitter.com/ReverseBrain/status/951850534985662464https://www.exploit-db.com/exploits/44638/https://www.exploit-db.com/exploits/45044/http://www.rapid7.com/db/modules/exploit/multi/misc/claymore_dual_miner_remote_manager_rce