We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2013-10036

Beetel Connection Manager NetConfig.ini Stack-Based Buffer Overflow



Description

A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH), leading to arbitrary code execution when the application processes the file.

Reserved 2025-07-30 | Published 2025-07-31 | Updated 2025-07-31 | Assigner VulnCheck


HIGH: 8.4CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-121 Stack-based Buffer Overflow

Product status

Default status
unknown

PCW_BTLINDV1.0.0B04
affected

Credits

metacom finder

References

raw.githubusercontent.com/...mat/beetel_netconfig_ini_bof.rb exploit

www.exploit-db.com/exploits/28969 exploit

www.fortiguard.com/...ger-netconfig-username-buffer-overflow third-party-advisory

www.vulncheck.com/...ion-manager-stack-based-buffer-overflow third-party-advisory

cve.org (CVE-2013-10036)

nvd.nist.gov (CVE-2013-10036)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2013-10036

Support options

Helpdesk Chat, Email, Knowledgebase