cbcvebase.
CVE-2018-6317
published 2018-02-02

CVE-2018-6317: The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote…

PriorityP267critical9.1CVSS 3.0
AVNACLPRNUINSUCHINAH
EXPLOIT
EPSS
44.31%
98.6th percentile
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.

Affected

1 ranges
VendorProductVersion rangeFixed in
claymore_dual_miner_projectclaymore_dual_miner<= 10.5

Detection & IOCsextracted from sources · hover to see the quote

port3333
commandecho -e '{"id":1,"jsonrpc":"1.0","method":"test"}' | nc 192.168.1.107 3333 & printf "\n"
commandecho -e '{"id":1,"jsonrpc":"1.0","method":"%n"}' | nc 192.168.1.139 3333 & printf "\n"
  • Monitor TCP port 3333 for inbound JSON-RPC requests containing format string specifiers (e.g., %n, %s, %p) in the 'method' field, which indicates active exploitation of CVE-2018-6317.
  • Unauthenticated access to the remote management interface on port 3333 is the attack vector; detect any external/unauthenticated connections to this port on mining hosts.
  • ·The vulnerability affects Claymore Dual Miner version 10.5 and earlier only; version 10.6 contains the patch. Ensure miners are updated to 10.6+.
  • ·Exposing port 3333 publicly is the primary risk factor; restricting this port to trusted networks eliminates the remote attack surface entirely.

CVSS provenance

nvdv3.09.1CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.