CVE-2004-2078

Red-M Red-Alert 2.7.5 with software 3.1 build 24 - Denial of Service via Long TCP Port 80 Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2078. PoCs published by Bruno Morisson.

AI-analyzed exploit summary This exploit leverages a buffer overflow vulnerability in Red-M Red-Alert network monitors by sending a long string of 'a' characters followed by CRLF sequences via HTTP. The attack can crash the device, eliminate logs, or bypass detection.

Description

Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Bruno Morisson · textdoshardware

https://www.exploit-db.com/exploits/23672

View Code ZIP pw:eip

This exploit leverages a buffer overflow vulnerability in Red-M Red-Alert network monitors by sending a long string of 'a' characters followed by CRLF sequences via HTTP. The attack can crash the device, eliminate logs, or bypass detection.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Red-M Red-Alert network monitors

No auth needed

Prerequisites: Network access to the target device · Perl or netcat installed

MITRE ATT&CK