CVE-2017-16930

CRITICAL

Claymore Dual GPU miner 10.1 - RCE

Title source: llm

Description

The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging.

Exploits (1)

exploitdb WORKING POC

by tintinweb · pythonremotewindows

https://www.exploit-db.com/exploits/43231

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/43231/

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2017/12/04/3

[Third Party Advisory] https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16930

Scores

CVSS v3 9.8

EPSS 0.5386

EPSS Percentile 98.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (1)

claymore_dual_miner_project/claymore_dual_miner 10.1

Published Dec 05, 2017

Tracked Since Feb 18, 2026