Claymore Dual Miner Project: >> Claymore Dual Miner >> 10.1 Security Vulnerabilities
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
CVSS Score
9.1
EPSS Score
0.734
Published
2018-02-02
The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathname to miner_file or miner_getfile.
CVSS Score
8.1
EPSS Score
0.323
Published
2017-12-05
The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging.
CVSS Score
9.8
EPSS Score
0.539
Published
2017-12-05