Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-7547

CWE-361CWE-119Buffer Overflow7 documents6 sources
Severity
9.8CRITICAL
EPSS
89.4%
top 0.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Trendmicro Threat Discovery Appliance
Timeline
PublishedApr 12
Latest updateMay 17

Description

A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-mc6f-m3hx-rw27: A command execution flaw on the Trend Micro Threat Discovery Appliance 22022-05-17
CVEList
CVE-2016-7547: A command execution flaw on the Trend Micro Threat Discovery Appliance 22017-04-12

💥Exploits & PoCs

3
Exploit-DB
glibc - 'getaddrinfo' Remote Stack Buffer Overflow2016-09-06
Exploit-DB
glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)2016-02-16
Metasploit
Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution

📋Vendor Advisories

1
Cisco
Vulnerability in GNU glibc Affecting Cisco Products: February 20162016-02-19
CVE-2016-7547 (CRITICAL CVSS 9.8) | A command execution flaw on the Tre | cvebase.io