
CVE-2018-7756

Published: 15/03/2018 Updated: 12/04/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote malicious users to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a "SETFIREWALL Off" command.

Vulnerable Product

dewesoft dewesoft x3

Exploits

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txt
[+] ISR: Apparition Security

Vendor:
=============
www.dewesoft.com

Product:
===========
DEWESoft X3 SP1 (64-bit) installer - X3 DEWESoft_FULL_X3_SP1_64BI ...
DEWESoft X3 suffers from a remote internal command access vulnerability ...