MidnightBSD

Advisories for claymore_dual_miner_project

CVE-2017-16929 HIGH

The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathname to miner_file or miner_getfile.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22, CWE-119

Products Affected

Vendor Product Version
claymore_dual_miner_project claymore_dual_miner 10.1

CVE-2017-16930 HIGH

The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
claymore_dual_miner_project claymore_dual_miner 10.1

CVE-2018-6317 MEDIUM

The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134

Products Affected

Vendor Product Version
claymore_dual_miner_project claymore_dual_miner *