PR
CVE 2019 3980
projectdiscovery/nuclei-templates#14301

/claim #14297

PR Information

This PR adds a network template for CVE-2019-3980, a critical Remote Code Execution vulnerability in SolarWinds Dameware Mini Remote Client Agent v12.1.0.89.

The vulnerability allows unauthenticated attackers to execute arbitrary code by manipulating the smart card authentication mechanism. The template uses the raw TCP protocol to send a crafted handshake that triggers the vulnerability and checks for a valid server response indicating success.

Reference:

https://www.tenable.com/security/research/tra-227-43 https://nvd.nist.gov/vuln/detail/CVE-2019-3980 Metadata:

Verified: True Max Risk: Critical (CVSS: 9.8)

debug

$ nuclei -t cve-2019-3980.yaml -target localhost:6666



                     __     _

   ____  __  _______/ /__  (_)

  / __ \/ / / / ___/ / _ \/ /

 / / / / /_/ / /__/ /  __/ /

/_/ /_/\__,_/\___/_/\___/_/   v3.5.1



                projectdiscovery.io



[INF] Current nuclei version: v3.5.1 (outdated)

[INF] Current nuclei-templates version: v10.3.5 (latest)

[INF] New templates added in latest release: 57

[INF] Templates loaded for current scan: 1

[WRN] Loading 1 unsigned templates for scan. Use with caution.

[INF] Targets loaded for current scan: 1

[cve-2019-3980] [tcp] [critical] localhost:6666

[INF] Scan completed in 2.012053ms. 1 matches found.

Claim

Total prize pool $100
Total paid $0
Status Pending
Submitted December 09, 2025
Last updated December 09, 2025

Contributors

AL

Alan Barret

@alanbarret

 100%

Sponsors

PR

ProjectDiscovery

@projectdiscovery

$100