2 matches found
HooToo HT-TM06 TripMate Elite Web Server 'protocol.csp' HTTP Cookie Header Handling RCE
The HooToo TripMate web interface running on the remote host is affected by a remote code execution vulnerability in the ioos web server vshttpd due to improper validation of overly long strings passed via the HTTP cookie header to protocol.csp. An unauthenticated, remote attacker can exploit thi...
CVE-2017-9025
The CVE-2017-9025 entry concerns HooToo Trip Mate 6 (TM6) devices with vshttpd (ioos) in firmware 2.000.030 and earlier. The issue is a heap-based buffer overflow triggered by overly long HTTP Cookie header values sent to protocol.csp, leading to remote, unauthenticated execution of code or denia...