Описание
Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled.
Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000049
- https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000049.json
- https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution
- https://twitter.com/ReverseBrain/status/951850534985662464
- https://www.exploit-db.com/exploits/44638
- https://www.exploit-db.com/exploits/45044
- http://packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.html
- http://www.rapid7.com/db/modules/exploit/multi/misc/claymore_dual_miner_remote_manager_rce
Связанные уязвимости
CVSS3: 7.5
nvd
почти 8 лет назад
Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled.