CVE-2015-2097
published 2015-03-09CVE-2015-2097: Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1)…
PriorityP264high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
24.14%
97.6th percentile
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for ActiveX control instantiation of WESPMonitor.WESPMonitorCtrl.1 with calls to LoadImage or LoadImageEx with oversized arguments — indicative of buffer overflow exploitation attempt. ↗
- →Monitor for ActiveX control instantiation of WESPCONFIGLib.UserItem with calls to ChangePassword containing oversized string arguments — stack overflow exploitation vector. ↗
- →Monitor for ActiveX control instantiation of WESPPLAYBACKLib.WESPPlaybackCtrl with calls to ConnectEx3 where the second argument is a long string — direct exploitation indicator. ↗
- →Monitor for ActiveX control instantiation of WESPCONFIGLib.IDList with calls to AddID containing oversized arguments — buffer overflow exploitation vector. ↗
- →Exploit PoC uses the string 'PraveenD' as a fixed argument value in Connect and ChangePassword calls; presence of this string in browser/ActiveX logs alongside WESP controls may indicate exploit activity. ↗
- →Exploit PoC for ChangePassword uses 'PraveenD' as the second argument (arg2); monitor for this fixed string in WESP ActiveX method calls. ↗
- ·The NVD description lists exploitation vectors as 'unspecified vectors', limiting precise protocol-level detection; detection must rely on ActiveX control ProgID monitoring and argument length heuristics. ↗
- ·Exploit PoC source code is truncated in the available documents; full shellcode and NOP sled payloads are not available for signature extraction. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WebGate WESP SDK 1.2 - ChangePassword Stack Overflow
exploitdb·2015-04-02
CVE-2015-2097 WebGate WESP SDK 1.2 - ChangePassword Stack Overflow
WebGate WESP SDK 1.2 - ChangePassword Stack Overflow
---
var arg1 = "";
var arg2 = "PraveenD";
var nops = "";
var shellcode = "";
var buff2 = "";
for (i=0; i
Exploit-DB
WebGate eDVR Manager 2.6.4 - Connect Method Stack Buffer Overflow
exploitdb·2015-04-02
CVE-2015-2097 WebGate eDVR Manager 2.6.4 - Connect Method Stack Buffer Overflow
WebGate eDVR Manager 2.6.4 - Connect Method Stack Buffer Overflow
---
var arg1="PraveenD";
var arg2=1;
var arg3= "";
var arg4="PraveenD";
var nops = "";
var shellcode = "";
var buff2 = "";
for (i=0; i
Exploit-DB
WebGate eDVR Manager - Remote Stack Buffer Overflow
exploitdb·2015-03-26
CVE-2015-2097 WebGate eDVR Manager - Remote Stack Buffer Overflow
WebGate eDVR Manager - Remote Stack Buffer Overflow
---
var arg1 = "";
nops = "";
var buff = "";
for(i=0;i"+"Lengths: arg1="+arg1.length+" seh="+seh.length+"");
for(i=0;i
No writeups or analysis indexed.
http://packetstormsecurity.com/files/131072/WebGate-eDVR-Manager-Stack-Buffer-Overflow.htmlhttp://seclists.org/fulldisclosure/2015/Feb/90http://www.osvdb.org/118893http://www.osvdb.org/118896http://www.osvdb.org/118902http://www.securityfocus.com/bid/72835http://www.zerodayinitiative.com/advisories/ZDI-15-059/http://www.zerodayinitiative.com/advisories/ZDI-15-062/http://www.zerodayinitiative.com/advisories/ZDI-15-068/https://www.exploit-db.com/exploits/36505/https://www.exploit-db.com/exploits/36602/https://www.exploit-db.com/exploits/36607/http://packetstormsecurity.com/files/131072/WebGate-eDVR-Manager-Stack-Buffer-Overflow.htmlhttp://seclists.org/fulldisclosure/2015/Feb/90http://www.osvdb.org/118893http://www.osvdb.org/118896http://www.osvdb.org/118902http://www.securityfocus.com/bid/72835http://www.zerodayinitiative.com/advisories/ZDI-15-059/http://www.zerodayinitiative.com/advisories/ZDI-15-062/http://www.zerodayinitiative.com/advisories/ZDI-15-068/https://www.exploit-db.com/exploits/36505/https://www.exploit-db.com/exploits/36602/https://www.exploit-db.com/exploits/36607/
2015-03-09
Published