Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
References
Configurations
History
21 Nov 2024, 02:26
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/131072/WebGate-eDVR-Manager-Stack-Buffer-Overflow.html - Exploit | |
References | () http://seclists.org/fulldisclosure/2015/Feb/90 - Exploit | |
References | () http://www.osvdb.org/118893 - | |
References | () http://www.osvdb.org/118896 - | |
References | () http://www.osvdb.org/118902 - | |
References | () http://www.securityfocus.com/bid/72835 - | |
References | () http://www.zerodayinitiative.com/advisories/ZDI-15-059/ - | |
References | () http://www.zerodayinitiative.com/advisories/ZDI-15-062/ - | |
References | () http://www.zerodayinitiative.com/advisories/ZDI-15-068/ - | |
References | () https://www.exploit-db.com/exploits/36505/ - | |
References | () https://www.exploit-db.com/exploits/36602/ - Exploit | |
References | () https://www.exploit-db.com/exploits/36607/ - |
Information
Published : 2015-03-09 14:59
Updated : 2024-11-21 02:26
NVD link : CVE-2015-2097
Mitre link : CVE-2015-2097
CVE.ORG link : CVE-2015-2097
JSON object : View
Products Affected
webgate
- webgate_embedded_standard_protocol_sdk
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer