CVE-2019-12518

CRITICAL

Anviz CrossChex 4.3.8.0 and 4.3.12 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-12518. PoCs published by Metasploit, Luis Catarino <[email protected]>, Pedro Rodrigues <[email protected]>, agalway-r7, adfoster-r7, including Metasploit module exploits/windows/misc/crosschex_device_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in Anviz CrossChex by responding to a broadcast with a crafted UDP packet, overwriting EIP to redirect execution to a 'JMP ESP' instruction, leading to arbitrary code execution.

Description

Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/48092

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Anviz CrossChex by responding to a broadcast with a crafted UDP packet, overwriting EIP to redirect execution to a 'JMP ESP' instruction, leading to arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Anviz CrossChex Standard x86 <= V4.3.12

No auth needed

Prerequisites: Network access to UDP port 5050 · Target software running and broadcasting for new devices

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Luis Catarino <[email protected]>, Pedro Rodrigues <[email protected]>, agalway-r7, adfoster-r7 · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/crosschex_device_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Anviz CrossChex by responding to a broadcast with a crafted UDP packet, overwriting the saved EIP to redirect execution to a 'JMP ESP' instruction, leading to arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Anviz CrossChex Standard x86 <= V4.3.12

No auth needed

Prerequisites: Network access to the target device · Target device must send a broadcast to discover new devices

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.0x90.zone/multiple/reverse/2019/11/28/Anviz-pwn.html

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/156335/Anviz-CrossChex-Buffer-Overflow.html

Scores

CVSS v3 9.8

EPSS 0.7484

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (2)

anviz/crosschex 4.3.8.0

anviz/crosschex 4.3.12

Published Dec 02, 2019

Tracked Since Feb 18, 2026