Security Advisory

CVE-2015-2868

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-01-06 21:00:00

Last updated 2024-08-06 05:32:19

Assigner certcc

State PUBLISHED

Description

An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.

← Browse all CVEs View on cve.org ↗