cve/2020/CVE-2020-29238.md

CVE-2020-29238

Description

An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted request.

POC

Reference

• http://packetstormsecurity.com/files/162152/ExpressVPN-VPN-Router-1.0-Integer-Overflow.html

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/IDEA-Research-Group/AMADEUS
• https://github.com/ajvarela/amadeus-exploit