Описание
The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable software. This CVE is to track an alternate exploitation method, utilizing an EIP-overwrite buffer overflow.
Ссылки
- ExploitThird Party Advisory
- URL Repurposed
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- URL Repurposed
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.0.9037 (исключая)Версия от 2.2.0 (включая) до 2.2.0.9037 (исключая)Версия до 2.0.0.9037 (исключая)Версия от 2.2.0 (включая) до 2.2.0.9037 (исключая)
Одно из
cpe:2.3:a:integard_home_project:integard_home:*:*:*:*:*:*:*:*
cpe:2.3:a:integard_home_project:integard_home:*:*:*:*:*:*:*:*
cpe:2.3:a:integard_pro_project:integard_pro:*:*:*:*:*:*:*:*
cpe:2.3:a:integard_pro_project:integard_pro:*:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.77016
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-120
Связанные уязвимости
github
почти 4 года назад
The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution.
EPSS
Процентиль: 99%
0.77016
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-120