The remote management interface on the Claymore Dual GPU miner 10.1 has an authenticated directory traversal vulnerability: a specially crafted request allows a remote attacker to read/write arbitrary files. It can be exploited via ../ sequences in the pathname to miner_file or miner_getfile.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22, CWE-119
Products Affected
| Vendor | Product | Version |
|---|---|---|
| claymore_dual_miner_project | claymore_dual_miner | 10.1 |
The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119
Products Affected
| Vendor | Product | Version |
|---|---|---|
| claymore_dual_miner_project | claymore_dual_miner | 10.1 |
The remote management interface in Claymore Dual Miner 10.5 and earlier has an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-134
Products Affected
| Vendor | Product | Version |
|---|---|---|
| claymore_dual_miner_project | claymore_dual_miner | * |