CVE-2015-2097 Information

Description

Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control; the (3) ChangePassword function in the WESPCONFIGLib.UserItem control; the Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control; or the (6) AddID function in the WESPCONFIGLib.IDList control; or via (7) a long string in the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.

Reference

http://packetstormsecurity.com/files/131072/WebGate-eDVR-Manager-Stack-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2015/Feb/90
http://www.osvdb.org/118893
http://www.osvdb.org/118896
http://www.osvdb.org/118902
http://www.securityfocus.com/bid/72835
http://www.zerodayinitiative.com/advisories/ZDI-15-059/
http://www.zerodayinitiative.com/advisories/ZDI-15-062/
http://www.zerodayinitiative.com/advisories/ZDI-15-068/
https://www.exploit-db.com/exploits/36505/
https://www.exploit-db.com/exploits/36602/
https://www.exploit-db.com/exploits/36607/
