CVE-2015-2097

09.03.2015, 14:59

Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Vendor	Product	Version
webgate	webgate_embedded_standard_protocol_sdk	-

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://packetstormsecurity.com/files/131072/WebGate-eDVR-Manager-Stack-Buffer-Overflow.html

http://seclists.org/fulldisclosure/2015/Feb/90

http://www.osvdb.org/118893

http://www.osvdb.org/118896

http://www.osvdb.org/118902

http://www.securityfocus.com/bid/72835

http://www.zerodayinitiative.com/advisories/ZDI-15-059/

http://www.zerodayinitiative.com/advisories/ZDI-15-062/

http://www.zerodayinitiative.com/advisories/ZDI-15-068/

https://www.exploit-db.com/exploits/36505/

https://www.exploit-db.com/exploits/36602/

https://www.exploit-db.com/exploits/36607/

http://packetstormsecurity.com/files/131072/WebGate-eDVR-Manager-Stack-Buffer-Overflow.html

http://seclists.org/fulldisclosure/2015/Feb/90

http://www.osvdb.org/118893

http://www.osvdb.org/118896

http://www.osvdb.org/118902

http://www.securityfocus.com/bid/72835

http://www.zerodayinitiative.com/advisories/ZDI-15-059/

http://www.zerodayinitiative.com/advisories/ZDI-15-062/

http://www.zerodayinitiative.com/advisories/ZDI-15-068/

https://www.exploit-db.com/exploits/36505/

https://www.exploit-db.com/exploits/36602/

https://www.exploit-db.com/exploits/36607/