The vulnerability of the “SIP ALG” module (SIP Application Layer Gateway) in the Realtek SDK for the eCos operating system allows a hacker to execute arbitrary code.

The vulnerability of the “SIP ALG” module SIP Application Layer Gateway in the Realtek SDK for the eCos operating system is related to buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted UDP packet...

CVE-2022-27255

In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data...

CVE-2022-27255

In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data...

Stack overflow

In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data...

CVE-2022-27255

CVE-2022-27255 affects Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1. The SIP ALG component that rewrites SDP data has a stack-based buffer overflow, enabling an attacker to remotely execute code without authentication by sending a crafted SIP packet containing malicious SDP data. The NVD metrics ra...

CVE-2022-27255

In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data...

PT-2022-4237 · Realtek · Realtek Ecos Rsdk +1

Name of the Vulnerable Software and Affected Versions: Realtek eCos RSDK version 1.5.7p1 Realtek MSDK version 4.9.4p1 Description: The SIP ALG function in Realtek eCos RSDK and MSDK has a stack-based buffer overflow that allows an attacker to remotely execute code without authentication via a...

Exploit for Improper Input Validation in Realtek Ecos_Rsdk_Firmware

CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow Th...

CVE-2021-27417

eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc an implementation of malloc. The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow...

CVE-2020-12148

A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM ECOS appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish a...

CVE-2020-12148

A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM ECOS appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish a...

CVE-2020-12149

The configuration backup/restore function in Silver Peak Unity ECOSTM ECOS appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This...

Command injection

A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM ECOS appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish a...

CVE-2020-12148

CVE-2020-12148 is a command injection flaw in the nslookup API of Silver Peak Unity ECOS appliances. The vulnerability allows an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI to run arbitrary commands with the web server’s privileges, potentially taking control of th...

CVE-2020-12148 OS Command Injection - nslookup API

A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM ECOS appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish a...

CVE-2020-12149 OS Command Injection - Management File Upload

The configuration backup/restore function in Silver Peak Unity ECOSTM ECOS appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This...

CVE-2020-12149

CVE-2020-12149 affects Silver Peak Unity ECOS appliances and relates to a command injection in the configuration backup/restore function. The root cause is that the user-controlled config filename is incorporated directly into a subsequent shell command, enabling an authenticated attacker with ac...

Silver Peak Systems EdgeConnect Software Operating System Command Injection Vulnerability

Silver Peak Systems EdgeConnect Software ECOS is a suite of software-defined, wide-area networking platforms from Silver Peak Systems, USA. The platform provides features such as path conditioning, application classification, routing, and virtual WAN overlays. Silver Peak Systems EdgeConnect...

Silver Peak Unity ECOSTM OS Command Injection Vulnerability

Silver Peak Systems EdgeConnect Software ECOS is a suite of software-defined, wide-area networking platforms from Silver Peak Systems, USA. The platform provides features such as path conditioning, application classification, routing and virtual WAN overlay. Silver Peak Unity ECOSTM suffers from ...

CVE-2020-7571

A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation Cross-site Scripting Reflected vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of use...