CVE-2014-8388
published 2014-11-21CVE-2014-8388: Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted…
PriorityP335high7.2CVSS 2.0
AVLACLAuNCCICAC
EPSS
1.05%
60.0th percentile
Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess | <= 7.2 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Advantech WebAccess Stack-based Buffer Overflow
cisa_ics·2018-09-05
Advantech WebAccess Stack-based Buffer Overflow
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech WebAccess Stack-based Buffer Overflow
Last RevisedSeptember 05, 2018
Alert CodeICSA-14-324-01
## OVERVIEW
Ricardo Narvaja from Core Security Consulting Services discovered and disclosed information regarding a buffer overflow vulnerabilityCore Security Advantech WebAccess Stack-based Buffer Overflow, http://www.coresecurity.com/advisories/advantech-webaccess-stack-based-buffer-overflow web site last accessed November 20, 2014. in Advantech WebAccess. Joaquín Rodríguez Varela from the Core Advisories Team reported this to NCCIC/ICS-CERT, who coordinated with Advantech.
GHSA
GHSA-m9rq-q2hr-f64w: Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8
ghsa_unreviewed·2022-05-17
CVE-2014-8388 [HIGH] CWE-119 GHSA-m9rq-q2hr-f64w: Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8
Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-11-21
Published