CVE-2021-45856

Vulnerability

A remote buffer overflow vulnerability exists in the Accu-Time Systems MAXIMUS 1.0 telnet service. The bug is triggered by sending a specially crafted, oversized payload to the telnet port, which overflows the buffer and causes the service to crash. The affected version is explicitly MAXIMUS 1.0; no other versions are mentioned in the reference [1].

Exploitation

An attacker can exploit this vulnerability from a remote network position without any authentication. The only requirement is network connectivity to the target device's telnet service. Attackers can send a crafted packet (e.g., using a Python script available in the public exploit) that contains a long string to overflow the buffer, causing the telnet service to terminate abruptly [1].

Impact

Successful exploitation results in a denial of service (DoS) condition: the telnet service crashes and becomes unavailable. The reference does not indicate code execution or data compromise; the impact is limited to service disruption, affecting system availability [1].

Mitigation

As of the publication date (2022-01-09), no official patch or fixed version is disclosed in the available references [1]. Users should consider restricting telnet access to trusted networks only via firewall rules or disabling the telnet service if it is not strictly necessary. The product may be end-of-life (EOL), but the reference does not confirm this. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.