Main Vulnerability Database Exploits ID:2326 - Exploit for Stack-based buffer overflow when parsing HTTP POST requests in Meinberg products - CVE-2016-3962

ID:2326 - Exploit for Stack-based buffer overflow when parsing HTTP POST requests in Meinberg products - CVE-2016-3962

Published: April 7, 2020

Vulnerability identifier: #VU55

Vulnerability risk: High

CVE-ID: CVE-2016-3962

CWE-ID: CWE-425

Exploitation vector: Remote access

Vulnerable software:
IMS-LANTIME M1000
IMS-LANTIME M500
LANTIME M900
LANTIME M600
LANTIME M400
LANTIME M300
LANTIME M200
LANTIME M100
SyncFire 1100
LCES

Link to public exploit:

https://github.com/securifera/CVE-2016-3962-Exploit

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when parsing certain parameter in HTTP POST request. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on vulnerable system with privileges of the web server (system account "nobody").

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Meinberg has produced a new firmware Version 6.20.004.

ID:2326 - Exploit for Stack-based buffer overflow when parsing HTTP POST requests in Meinberg products - CVE-2016-3962

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human