PT-2015-5605 · Webgate · Webgate Edvr Manager

Rgod

Published

2015-02-27

Updated

2021-08-03

CVE-2015-2098

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions WebGate eDVR Manager (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary code via unspecified vectors to various functions and properties in the WebGate eDVR Manager controls, including the Connect, ConnectEx, and ConnectEx2 functions in the WESPEvent.WESPEventCtrl.1 control, the AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control, and the OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control. Additionally, the SiteChannel and SiteName properties in the WESPPlayback.WESPPlaybackCtrl.1 control are also affected. This is a result of multiple stack-based buffer overflows.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2015-2098

ZDI-15-058

ZDI-15-060

ZDI-15-061

ZDI-15-064

ZDI-15-065

ZDI-15-066

Affected Products

Webgate Edvr Manager

PT-2015-5605 · Webgate · Webgate Edvr Manager

CVE-2015-2098

Weakness Enumeration

Related Identifiers

Affected Products

References · 16