ByteOS Network

NVD Vulnerability Details :

CVE-2013-10036

Awaiting Analysis

Source-disclosure@vulncheck.com

Published At-31 Jul, 2025 | 15:15

Updated At-31 Jul, 2025 | 18:42

A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH), leading to arbitrary code execution when the application processes the file.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.4	HIGH	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 8.4

Base severity: HIGH

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-121	Secondary	disclosure@vulncheck.com

CWE ID: CWE-121

Type: Secondary

Source: disclosure@vulncheck.com

References

Hyperlink	Source	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/beetel_netconfig_ini_bof.rb	disclosure@vulncheck.com	N/A
https://www.exploit-db.com/exploits/28969	disclosure@vulncheck.com	N/A
https://www.fortiguard.com/encyclopedia/ips/37394/beetel-connection-manager-netconfig-username-buffer-overflow	disclosure@vulncheck.com	N/A
https://www.vulncheck.com/advisories/beetel-connection-manager-stack-based-buffer-overflow	disclosure@vulncheck.com	N/A