3 matches found
CVE-2015-2868
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting...
Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0026 Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability February 8, 2016 CVE Number CVE-2015-2868 Description An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who...
PT-2014-1990 · Trane · Trane Comfortlink Ii
Name of the Vulnerable Software and Affected Versions: Trane ComfortLink II firmware version 2.0.2 Description: The issue is caused by a buffer overflow in the memory due to an overly long REG request. This can allow a remote attacker to execute arbitrary code. The vulnerability exists in the DSS...