Buffer overflow in ISPSoft and WPLSoft - CVE-2016-5805
Published: February 13, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU39658
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-5805
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Delta Electronics, Inc.
Affected software:
ISPSoft
WPLSoft
ISPSoft
WPLSoft
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service.
How to mitigate CVE-2016-5805
Install update from vendor's website.