CVE-2015-2098
published 2021-07-22

Priority: P269 | high | 8.8 | CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 13.98% (96.1th percentile)
Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control.

Detection & IOCs

other: WESPEvent.WESPEventCtrl.1
other: WESPPlayback.WESPPlaybackCtrl.1
other: WESPPTZ.WESPPTZCtrl.1
version: WebGate eDVR Manager 2.6.4
  • Monitor for instantiation of the ActiveX control WESPEvent.WESPEventCtrl.1 via browser or script; calls to Connect, ConnectEx, or ConnectEx2 with oversized arguments indicate exploitation attempts.
  • Exploit PoC uses a large NOP sled and shellcode pattern combined with a secondary buffer ('PraveenD') for the SiteName overflow; presence of the string 'PraveenD' in memory or network traffic may indicate use of the public PoC.
  • The NVD advisory describes the vulnerable vectors as 'unspecified', meaning exact parameter lengths triggering overflow are not publicly documented beyond the PoC code; detection based solely on argument length thresholds may require tuning.

CVSS provenance

nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P