CVE-2015-2097

critical

Description

Multiple buffer overflows in the WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control; the (3) ChangePassword function in the WESPCONFIGLib.UserItem control; the Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control; or the (6) AddID function in the WESPCONFIGLib.IDList control; or via (7) a long string in the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.

References

https://www.exploit-db.com/exploits/36607/

https://www.exploit-db.com/exploits/36505/

http://www.zerodayinitiative.com/advisories/ZDI-15-068/

http://www.zerodayinitiative.com/advisories/ZDI-15-062/

http://www.zerodayinitiative.com/advisories/ZDI-15-059/

http://www.securityfocus.com/bid/72835

http://www.osvdb.org/118902

http://www.osvdb.org/118896

http://www.osvdb.org/118893

Details

Source: Mitre, NVD

Published: 2015-03-09

Updated: 2016-11-30

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical