A critical vulnerability has been identified in multiple Ether products, which allows a remote attacker to gain complete control over an affected system. By submitting a malicious registration name, an attacker can execute arbitrary code, potentially leading to data theft, installation of malware, or a complete system takeover.

This is a stack-based buffer overflow vulnerability. The software fails to properly validate the length of user-supplied data in the registration name field. An attacker can send an overly long string as the registration name, which overwrites the program's stack and, specifically, the Structured Exception Handler (SEH) record. By controlling the SEH, the attacker can redirect the application's execution flow to malicious code (shellcode) embedded within their payload, achieving remote code execution. The described public exploit for this vulnerability results in a bind shell listening on TCP port 3110, giving the attacker direct command-line access to the compromised machine.

This vulnerability is rated as critical severity with a CVSS score of 9.8, indicating a high risk of compromise. Successful exploitation gives an attacker full control over the affected system, allowing for the exfiltration of sensitive data, deployment of ransomware, disruption of critical services, and use of the compromised host to launch further attacks against the internal network. The potential for complete system compromise poses a severe threat to data confidentiality, integrity, and availability.

Immediate Action: Update Ether Multiple Products to the latest version. System administrators must consult the official vendor security advisory to identify the specific patch or software version that addresses this vulnerability and apply it immediately to all affected systems.

Proactive Monitoring: Security teams should actively monitor for signs of compromise. This includes inspecting network traffic for any unusual activity or connections to TCP port 3110. Application and system logs should be reviewed for crashes related to the Ether software or evidence of malformed registration attempts.

Compensating Controls: If patching cannot be performed immediately, implement compensating controls to reduce risk. Use host-based or network firewalls to block all inbound and outbound traffic on TCP port 3110. Ensure that modern memory protection mechanisms like Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are enabled system-wide, as they can make this type of exploit more difficult to execute successfully.

Public Exploit Available: true

Due to the critical severity (CVSS 9.8) and the existence of a public exploit granting remote code execution, this vulnerability requires immediate attention. All organizations using affected Ether products must prioritize the deployment of vendor-supplied patches to prevent a potential compromise. The absence of this CVE from the CISA KEV list should not diminish the urgency of remediation efforts.