Description
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when accessing the Command Shell feature.
Published: 2026-03-22
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (local application crash)
Action: Patch immediately
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow in the Shell configuration field of ZOC Terminal’s Program Settings. When a user supplies an excessively long string and subsequently launches the Command Shell feature, the application writes the oversized input past the end of the destination buffer, leading to a crash. The result is a denial of service that disrupts terminal sessions but does not provide remote code execution or privilege escalation. Impact is limited to the local machine and the user running the application.

Affected Systems

Emtec’s ZOC Terminal version 7.23.4 is affected. Other versions are not listed as vulnerable in the available data.

Risk and Exploitability

With a CVSS score of 6.9, the vulnerability is considered moderate. No EPSS rating is available and it is not listed in CISA’s KEV catalog, suggesting limited known exploitation activity. The attack vector is local: an attacker must have access to the machine and the ability to paste a crafted payload into the Shell field. Exploitation does not grant code execution or privilege escalation, but it can interrupt legitimate use by crashing the application.

Generated by OpenCVE AI on March 22, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest release of ZOC Terminal from Emtec’s official website, which removes the buffer overflow bug.
  • Verify that the Shell configuration field contains a standard command (e.g., cmd.exe or powershell.exe) and avoid excessively long strings until the update is applied.
  • If an update is not immediately possible, disable or avoid using the Command Shell feature until a patch is applied.


Advisories

No advisories yet.

History

Mon, 23 Mar 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics |  | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared |  | Emtec; Emtec zoc Terminal
Vendors & Products |  | Emtec; Emtec zoc Terminal

Sun, 22 Mar 2026 00:30:00 +0000

Type | Values Removed | Values Added
Description |  | ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when accessing the Command Shell feature.
Title |  | ZOC Terminal 7.23.4 Buffer Overflow Denial of Service
Weaknesses |  | CWE-787
References |  |
Metrics |  | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:18:25.400Z

Reserved: 2026-03-21T16:46:36.497Z

Link: CVE-2019-25589

Vulnrichment

Updated: 2026-03-23T16:18:21.840Z

NVD

Status: Awaiting Analysis

Published: 2026-03-22T01:16:57.277

Modified: 2026-03-23T14:31:37.267

Link: CVE-2019-25589

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:46:50Z

Weaknesses