Critical severity9.8NVD Advisory· Published Jan 6, 2017· Updated Jun 17, 2026
CVE-2015-2868
CVE-2015-2868
Description
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*
- (no CPE)range: = 2.0.2
- (no CPE)range: 2.0.2
Patches
Vulnerability mechanics
References
2- www.talosintelligence.com/reports/TALOS-2016-0027/nvdExploitTechnical DescriptionThird Party Advisory
- www.securityfocus.com/bid/95118nvd
News mentions
0No linked articles in our index yet.