CVE-2019-25435

Name of the Vulnerable Software and Affected Versions Sricam DeviceViewer version 3.12.0.1

Description The software contains a local buffer overflow in the user management add user function. Authenticated attackers can execute arbitrary code by bypassing data execution prevention. An attacker can inject a malicious payload through the Username field in User Management to trigger a stack-based buffer overflow and execute commands via ROP chain gadgets. The vulnerable function is addUser().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.