A vulnerability was found in WDaemon 7.2.0/9.0.4/9.5.4. It has been declared as problematic. Affected by this vulnerability is an unknown function in the library worldclient.dll of the component Worldclient. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality. The summary by CVE is:

** DISPUTED ** WDaemon 9.5.4 allows remote attackers to access the /WorldClient.dll URI on TCP port 3000, which has unknown impact. NOTE: The researcher reports that the vendor response was "this is not a security bug."

The weakness was released 01/18/2007 (Website). It is possible to read the advisory at hackers.ir. This vulnerability is known as CVE-2007-0383 since 01/19/2007. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.

The real existence of this vulnerability is still doubted at the moment.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Entries connected to this vulnerability are available at 34535, 34534, 34533 and 34528.

Productinfo

Name

• WDaemon

Version

• 7.2.0
• 9.0.4
• 9.5.4

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion