17 matches found
EUVD-2015-2956
Malware in sbrugna...
EUVD-2015-2955
Malware in sbrugna...
Remote code execution
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting...
CVE-2015-2867
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system...
CVE-2015-2868
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting...
Design/Logic Flaw
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system...
CVE-2015-2868
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting...
CVE-2015-2867
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system...
CVE-2015-2868
CVE-2015-2868 affects Trane ComfortLink II (firmware 2.0.2) in the DSS service. The vulnerability is a remote code execution caused by processing an overly long REG request that overflows a fixed-size stack buffer. Investigations describe unsafe input handling (sscanf and strcpy) in the DSS reque...
CVE-2015-2867
CVE-2015-2867 affects Trane ComfortLink II SCC firmware 2.0.2. Talos reports a design flaw that, during boot, installs two hardcoded user credentials (root: Cold,,2100AAAAA and raptor21: Cold,,2100RRRRR) enabling remote SSH access and local root privilege escalation. The vulnerability allows remo...
Trane comfort Link II DSS services handling remote code execution (CVE-2015-2868)
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long request that can overflow a fixed size stack buffer, resulting in arbitrary code execution...
Trane ComfortLink II Privilege Access Vulnerability
Trane ComfortLink II is a set of connection control components for use in home intelligence systems from Trane UK. A privilege-acquisition vulnerability exists in the Trane ComfortLink II using firmware version 2.0.2, which originates from the program's installation of user credentials with a...
Trane ComfortLink II Stack Buffer Overflow Vulnerability
Trane ComfortLink II is a set of connection control components for use in home intelligence systems from Trane UK. A stack buffer overflow vulnerability exists in the Trane ComfortLink II using firmware version 2.0.2. A remote attacker can exploit this vulnerability by sending a long REG request ...
Trane ComfortLink II SCC Service Hardcoded Credentials Vulnerability
Talos Vulnerability Report TALOS-2016-0028 Trane ComfortLink II SCC Service Hardcoded Credentials Vulnerability February 8, 2016 CVE Number CVE-2015-2867 Description A design flaw in the Trane ComfortLink II SCC service allows remote attackers to take complete control of the system. During system...
Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0026 Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability February 8, 2016 CVE Number CVE-2015-2868 Description An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who...
Trane Comfortlink II DSS Service REG Handling Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0027 Trane Comfortlink II DSS Service REG Handling Remote Code Execution Vulnerability February 8, 2016 CVE Number CVE-2015-2868 DESCRIPTION An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who can...
PT-2014-1991 · Trane · Trane Comfortlink Ii
Name of the Vulnerable Software and Affected Versions: Trane ComfortLink II SCC firmware version 2.0.2 Description: The issue is related to a design flaw in the service that allows remote attackers to gain complete control of the system. It is also associated with the exploitation of predefined...