Remote code execution in XiongMai uc-httpd

Published: 2018-08-01

Risk	High
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2018-10088
CWE-ID	CWE-120
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software	uc-httpd Web applications / Other software
Vendor	Xiongmai Technology

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU14155

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2018-10088

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to buffer overflow. A remote attacker can trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability my result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

uc-httpd: 1.0.0

CPE2.3

cpe:2.3:a:xiongmai_technology:uc-httpd:1.0.0:*:*:*:*:*:*:*

External links

https://github.com/bitfu/uc-httpd-1.0.0-buffer-overflow-exploit

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.