漏洞总结:Central Management Software 1.4.13 拒绝服务漏洞 (PoC) 漏洞概述 EDB-ID: 45207 作者: Gionathan Reale 发布日期: 2018-08-16 漏洞类型: 拒绝服务 (DoS) 平台: Windows x86 64-bit 受影响版本: Central Management Software v1.4.13 影响范围 操作系统: Windows 10 软件版本: 1.4.13 漏洞描述: 通过构造恶意输入,导致CMS客户端程序崩溃。 修复方案 目前页面未提供具体的修复方案或补丁信息。 POC代码 ```python #!/usr/bin/python Exploit Title: Central Management Software v1.4.13 - Denial of Service (PoC) Author: Gionathan "John" Reale Discovery Date: 2018-08-16 Homepage: https://www.ambientweather.com Software Link: https://p10.secure.hostingprod.com/@site.ambientweatherstore.com/ssl/Manuals/ambientcam/04_central_management_software.zip Tested Version: 1.4.13 Tested on OS: Windows 10 Steps to Reproduce: Run the python exploit script, it will create a new file with the name "exploit.txt" just copy the text inside "exploit.txt" and start the CMS client program. In the new window paste the content of "exploit.txt" into the following fields: "Password". Click "login" and you will see a crash.