CVE-2009-0693

Wyse Device Manager 4.7.x - Remote Code Execution via User-Agent HTTP Header or hagent.exe Input


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0693.

AI-analyzed exploit summary: This Metasploit auxiliary module exploits a vulnerability in the Wyse Rapport Hagent service to remotely power off Wyse machines by sending a crafted TCP request. The exploit demonstrates a denial-of-service (DoS) condition by triggering a remote power cycle.

Description

Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe.

Exploits (1)

exploitdb · WORKING POC
ruby · dos · hardware
https://www.exploit-db.com/exploits/19137

Classification
Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Wyse Rapport Hagent service (Wyse Linux x86)
No auth needed
Prerequisites: Network access to the target on port 80
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/654545
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0101.html

Scores

EPSS 0.1605
EPSS Percentile 95.0%

Details

CWE CWE-119
Status published
Products (3)
dell/wyse_device_manager 4.7.0
dell/wyse_device_manager 4.7.1
dell/wyse_device_manager 4.7.2
Published Jun 19, 2012
Tracked Since Feb 18, 2026