CVE-2020-13109
published 2020-05-16CVE-2020-13109: Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem…
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.76%
90.8th percentile
Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based buffer overflow.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| seta | morita_shogi_64 | <= 2020-05-02 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET EXPLOIT ADB Broadband Authorization Bypass
suricata·2018-07-05
CVE-2018-13109 ET EXPLOIT ADB Broadband Authorization Bypass
ET EXPLOIT ADB Broadband Authorization Bypass
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT ADB Broadband Authorization Bypass"; flow:established,to_server; http.uri; content:"/ui/dboard/settings/management/"; fast_pattern; http.uri.raw; content:"/management//"; reference:cve,2018-13109; reference:url,exploit-db.com/exploits/44982/; classtype:web-application-attack; sid:2025785; rev:2; metadata:attack_target IoT, created_at 2018_07_05, cve CVE_2018_13109, deployment Datacenter, performance_impact Low, confidence High, signature_severity Critical, updated_at 2020_08_25;)
No public exploits indexed.
2020-05-16
Published