CVE-2009-0693

Wyse Device Manager <4.7 - RCE

Title source: llm

Description

Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe.

Exploits (1)

exploitdb WORKING POC

rubydoshardware

https://www.exploit-db.com/exploits/19137

View Code ZIP pw:eip

References (4)

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0101.html

[US Government Resource] http://www.kb.cert.org/vuls/id/654545

[Various Sources] http://www.theregister.co.uk/2009/07/10/wyse_remote_exploit_bugs/

[Various Sources] http://www.wyse.com/serviceandsupport/Wyse%20Security%20Bulletin%20WSB09-01.pdf

Scores

EPSS 0.2301

EPSS Percentile 95.9%

Details

CWE

CWE-119

Status published

Products (3)

dell/wyse_device_manager 4.7.0

dell/wyse_device_manager 4.7.1

dell/wyse_device_manager 4.7.2

Published Jun 19, 2012

Tracked Since Feb 18, 2026