Vulnerability Description
A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH), leading to arbitrary code execution when the application processes the file.
Related Weaknesses (CWE)
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
- https://www.exploit-db.com/exploits/28969
- https://www.fortiguard.com/encyclopedia/ips/37394/beetel-connection-manager-netc
- https://www.vulncheck.com/advisories/beetel-connection-manager-stack-based-buffe
FAQ
What is CVE-2013-10036?
CVE-2013-10036 is a documented vulnerability. A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini ...
How severe is CVE-2013-10036?
CVSS scoring is not yet available for CVE-2013-10036. Check NVD for updates.
Is there a patch for CVE-2013-10036?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.