PT-2015-5604 · Oracle · Wesp Sdk
Praveen Darshanam · Published 2015-02-27 · Updated 2016-11-30 · CVE-2015-2097
CVSS v2.0: 7.5 High
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
WebGate Embedded Standard Protocol (WESP) SDK versions (affected versions not specified)
Description
The issue concerns multiple buffer overflows in the WESP SDK, allowing remote attackers to execute arbitrary code. This can be achieved through various vectors, including the LoadImage or LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, the ChangePassword function in the WESPCONFIGLib.UserItem control, the Connect function in the WESPSerialPort.WESPSerialPortCtrl.1 or WESPPLAYBACKLib.WESPPlaybackCtrl control, the AddID function in the WESPCONFIGLib.IDList control, or by passing a long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Affected Products
Wesp Sdk