CVE-2019-18257
CRITICAL
Advantech DiagAnywhere < 3.07.11 - Unauthenticated Stack-based Buffer Overflow via File Transfer Service
Title source: llm
Description
In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running DiagAnywhere Server.
References (1)
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-346-01
Scores
CVSS v3: 9.8
EPSS: 0.0060
EPSS Percentile: 69.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-121, CWE-787
Status: published
Products (1): advantech/diaganywhere < 3.07.11
Published: Dec 17, 2019
Tracked Since: Feb 18, 2026