VYPR
Critical severity9.8NVD Advisory· Published Jan 6, 2017· Updated Jun 17, 2026

CVE-2015-2868

CVE-2015-2868

Description

An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*
    • (no CPE)range: = 2.0.2
    • (no CPE)range: 2.0.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.