CVE-2013-10036

HIGH

Beetel Connection Manager PCW_BTLINDV1.0.0B04 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-10036. PoCs published by metacom, metacom, wvu, including Metasploit module exploits/windows/fileformat/beetel_netconfig_ini_bof.

AI-analyzed exploit summary This exploit targets a SEH buffer overflow vulnerability in Beetel Connection Manager PCW_BTLINDV1.0.0B04. It crafts a malicious NetConfig.ini file with a structured payload including a jump, SEH overwrite, NOPs, and shellcode to achieve remote code execution.

Description

A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH), leading to arbitrary code execution when the application processes the file.

Exploits (2)

exploitdb WORKING POC VERIFIED

by metacom · pythonlocalwindows

https://www.exploit-db.com/exploits/28969

View Code ZIP pw:eip

This exploit targets a SEH buffer overflow vulnerability in Beetel Connection Manager PCW_BTLINDV1.0.0B04. It crafts a malicious NetConfig.ini file with a structured payload including a jump, SEH overwrite, NOPs, and shellcode to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Beetel Connection Manager PCW_BTLINDV1.0.0B04

No auth needed

Prerequisites: Victim must open the malicious NetConfig.ini file with the vulnerable software

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by metacom, wvu · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/beetel_netconfig_ini_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Beetel Connection Manager by crafting a malicious NetConfig.ini file with an oversized UserName parameter. It leverages SEH overwrites and a p/p/r ROP chain to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Beetel Connection Manager PCW_BTLINDV1.0.0B04

No auth needed

Prerequisites: Victim must open the malicious NetConfig.ini file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/beetel_netconfig_ini_bof.rb

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/28969

Vendor Advisory third-party-advisory

https://www.fortiguard.com/encyclopedia/ips/37394/beetel-connection-manager-netconfig-username-buffer-overflow

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/beetel-connection-manager-stack-based-buffer-overflow

Scores

CVSS v4 8.4

EPSS 0.0042

EPSS Percentile 33.0%

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Products (1)

Beetel Teletech Ltd./Connection Manager PCW_BTLINDV1.0.0B04

Published Jul 31, 2025

Tracked Since Feb 18, 2026