Home

Description

A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH), leading to arbitrary code execution when the application processes the file.

PUBLISHED Reserved 2025-07-30 | Published 2025-07-31 | Updated 2026-03-05 | Assigner VulnCheck




HIGH: 8.4CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-121 Stack-based Buffer Overflow

Product status

Default status
unknown

PCW_BTLINDV1.0.0B04
affected

Credits

metacom finder

References

raw.githubusercontent.com/...mat/beetel_netconfig_ini_bof.rb exploit

www.exploit-db.com/exploits/28969 exploit

www.fortiguard.com/...ger-netconfig-username-buffer-overflow third-party-advisory

www.vulncheck.com/...ion-manager-stack-based-buffer-overflow third-party-advisory

cve.org (CVE-2013-10036)

nvd.nist.gov (CVE-2013-10036)

Download JSON