PT-2015-7255 · Moxa · Moxa Softcms
Carsten Eiram +1 · Published 2015-09-08 · Updated 2019-10-09 · CVE-2015-6458
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Moxa SoftCMS versions 1.3 and prior
Description
The issue is related to a buffer overflow condition that may cause the system to crash or allow remote code execution. The ip argument in the AudioRecord method of RTSPVIDEO.rtspvideoCtrl.1 is vulnerable to remote code execution.
Recommendations
For Moxa SoftCMS versions 1.3 and prior, update to version 1.4 or later, which was released by Moxa on June 1, 2015, to address the issue. As a temporary workaround, consider restricting access to the RTSPVIDEO.rtspvideoCtrl.1 module and the AudioRecord method to minimize the risk of exploitation. Avoid using the ip argument in the affected method until the issue is resolved.
Fix
Buffer Overflow
Related Identifiers
Affected Products
Moxa Softcms