CVE-2013-10036

HIGH

Beetel Connection Manager PCW_BTLINDV1.0.0B04 - Buffer Overflow

Description

A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH), leading to arbitrary code execution when the application processes the file.

Exploits (2)

exploitdb (WORKING POC, VERIFIED)
by metacom · python, local, windows
https://www.exploit-db.com/exploits/28969

metasploit (WORKING POC, NORMAL)
by metacom, wvu · ruby, poc, win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/beetel_netconfig_ini_bof.rb

Scores

CVSS v4: 8.4
EPSS: 0.0440
EPSS Percentile: 89.0%
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-121
Status: published
Products (1): Beetel Teletech Ltd./Connection Manager PCW_BTLINDV1.0.0B04
Published: Jul 31, 2025
Tracked Since: Feb 18, 2026