PT-2015-7255 · Moxa · Moxa Softcms

Carsten Eiram

Publicado

2015-09-08

Atualizado

2019-10-09

CVE-2015-6458

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Moxa SoftCMS versions 1.3 and prior

Description The issue is related to a buffer overflow condition that may cause the system to crash or allow remote code execution. The ip argument in the AudioRecord method of RTSPVIDEO.rtspvideoCtrl.1 is vulnerable to remote code execution.

Recommendations For Moxa SoftCMS versions 1.3 and prior, update to version 1.4 or later, which was released by Moxa on June 1, 2015, to address the issue. As a temporary workaround, consider restricting access to the RTSPVIDEO.rtspvideoCtrl.1 module and the AudioRecord method to minimize the risk of exploitation. Avoid using the ip argument in the affected method until the issue is resolved.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-120

Identificadores relacionados

CVE-2015-6458

ZDI-15-433

Produtos afetados

Moxa Softcms

PT-2015-7255 · Moxa · Moxa Softcms

CVE-2015-6458

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3