Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-24474

Summary
Assigner-intel
Assigner Org ID-6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At-09 Jun, 2021 | 19:01
Updated At-04 Aug, 2024 | 15:12
Rejected At-
Credits

Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:intel
Assigner Org ID:6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At:09 Jun, 2021 | 19:01
Updated At:04 Aug, 2024 | 15:12
Rejected At:
▼CVE Numbering Authority (CNA)

Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

Affected Products
Vendor
n/a
Product
Intel(R) Server Boards, Server Systems and Compute Modules
Versions
Affected
  • before version 2.48.ce3e3bd2
Problem Types
TypeCWE IDDescription
textN/Aescalation of privilege
Type: text
CWE ID: N/A
Description: escalation of privilege
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html
x_refsource_MISC
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html
x_refsource_MISC
x_transferred
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@intel.com
Published At:09 Jun, 2021 | 20:15
Updated At:01 Jul, 2021 | 19:51

Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.05.2MEDIUM
AV:A/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.2
Base severity: MEDIUM
Vector:
AV:A/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
Intel Corporation
intel
>>baseboard_management_controller_firmware>>Versions before 2.48.ce3e3bd2(exclusive)
cpe:2.3:o:intel:baseboard_management_controller_firmware:*:*:*:*:*:*:*:*
Intel Corporation
intel
>>compute_module_hns2600bpb24r>>-
cpe:2.3:h:intel:compute_module_hns2600bpb24r:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>compute_module_hns2600bpbr>>-
cpe:2.3:h:intel:compute_module_hns2600bpbr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>compute_module_hns2600bpq24r>>-
cpe:2.3:h:intel:compute_module_hns2600bpq24r:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>compute_module_hns2600bpqr>>-
cpe:2.3:h:intel:compute_module_hns2600bpqr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>compute_module_hns2600bps24r>>-
cpe:2.3:h:intel:compute_module_hns2600bps24r:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>compute_module_hns2600bpsr>>-
cpe:2.3:h:intel:compute_module_hns2600bpsr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600bpb>>-
cpe:2.3:h:intel:server_board_s2600bpb:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600bpbr>>-
cpe:2.3:h:intel:server_board_s2600bpbr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600bpq>>-
cpe:2.3:h:intel:server_board_s2600bpq:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600bpqr>>-
cpe:2.3:h:intel:server_board_s2600bpqr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600bps>>-
cpe:2.3:h:intel:server_board_s2600bps:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600bpsr>>-
cpe:2.3:h:intel:server_board_s2600bpsr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600stb>>-
cpe:2.3:h:intel:server_board_s2600stb:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600stbr>>-
cpe:2.3:h:intel:server_board_s2600stbr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600stq>>-
cpe:2.3:h:intel:server_board_s2600stq:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600stqr>>-
cpe:2.3:h:intel:server_board_s2600stqr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600wf0>>-
cpe:2.3:h:intel:server_board_s2600wf0:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600wf0r>>-
cpe:2.3:h:intel:server_board_s2600wf0r:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600wfq>>-
cpe:2.3:h:intel:server_board_s2600wfq:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600wfqr>>-
cpe:2.3:h:intel:server_board_s2600wfqr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600wft>>-
cpe:2.3:h:intel:server_board_s2600wft:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_board_s2600wftr>>-
cpe:2.3:h:intel:server_board_s2600wftr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r1208wfqysr>>-
cpe:2.3:h:intel:server_system_r1208wfqysr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r1208wftys>>-
cpe:2.3:h:intel:server_system_r1208wftys:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r1208wftysr>>-
cpe:2.3:h:intel:server_system_r1208wftysr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r1304wf0ys>>-
cpe:2.3:h:intel:server_system_r1304wf0ys:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r1304wf0ysr>>-
cpe:2.3:h:intel:server_system_r1304wf0ysr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r1304wftys>>-
cpe:2.3:h:intel:server_system_r1304wftys:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r1304wftysr>>-
cpe:2.3:h:intel:server_system_r1304wftysr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2208wf0zs>>-
cpe:2.3:h:intel:server_system_r2208wf0zs:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2208wf0zsr>>-
cpe:2.3:h:intel:server_system_r2208wf0zsr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2208wfqzs>>-
cpe:2.3:h:intel:server_system_r2208wfqzs:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2208wfqzsr>>-
cpe:2.3:h:intel:server_system_r2208wfqzsr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2208wftzs>>-
cpe:2.3:h:intel:server_system_r2208wftzs:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2208wftzsr>>-
cpe:2.3:h:intel:server_system_r2208wftzsr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2224wfqzs>>-
cpe:2.3:h:intel:server_system_r2224wfqzs:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2224wftzs>>-
cpe:2.3:h:intel:server_system_r2224wftzs:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2224wftzsr>>-
cpe:2.3:h:intel:server_system_r2224wftzsr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2308wftzs>>-
cpe:2.3:h:intel:server_system_r2308wftzs:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2308wftzsr>>-
cpe:2.3:h:intel:server_system_r2308wftzsr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2312wf0np>>-
cpe:2.3:h:intel:server_system_r2312wf0np:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2312wf0npr>>-
cpe:2.3:h:intel:server_system_r2312wf0npr:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2312wfqzs>>-
cpe:2.3:h:intel:server_system_r2312wfqzs:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2312wftzs>>-
cpe:2.3:h:intel:server_system_r2312wftzs:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>server_system_r2312wftzsr>>-
cpe:2.3:h:intel:server_system_r2312wftzsr:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primarynvd@nist.gov
CWE ID: CWE-120
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.htmlsecure@intel.com
Vendor Advisory
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00476.html
Source: secure@intel.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

66Records found
CVE-2019-20762
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.30% / 52.84%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 21:13
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D8500 before 1.0.3.43, R8500 before 1.0.2.128, R8300 before 1.0.2.128, R8000 before 1.0.4.28, R7300DST before 1.0.0.68, R7100LG before 1.0.0.48, R6900P before 1.3.1.44, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R7000P before 1.3.1.44, R7000 before 1.0.9.34, R6900 before 1.0.2.4, R6700 before 1.0.2.6, and R6400 before 1.0.1.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d8500_firmwarer8500d8500r6700r8300_firmwarer8000r6400_firmwarer6900pr7000r7100lgr6900r8000pr7000pr6900p_firmwarer8500_firmwarer8300r7300dst_firmwarer7100lg_firmwarer6900_firmwarer7000_firmwarer8000_firmwarer8000p_firmwarer7300dstr6400r6700_firmwarer7900pr7900p_firmwarer7000p_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20758
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.33% / 55.40%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 21:10
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000_firmwarer7000n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20712
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.24% / 47.19%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 15:35
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.46, R6400v2 before 1.0.2.62, R6700 before 1.0.2.6, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7100LG before 1.0.0.52, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, WNDR3400v3 before 1.0.1.24, and WNR3500Lv2 before 1.2.0.56.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwarer6900pr7100lgr7900r8000pr6900p_firmwarewndr3400d6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwaredgn2200r7000_firmwarer8000p_firmwared6400_firmwarer7300dstd6220_firmwarer6300_firmwared8500_firmwarer6250_firmwarer7900pr7000p_firmwaredgnd2200b_firmwarer8500d7000d8500wndr3400_firmwared7000_firmwarer6700r8300_firmwarer7000wnr3500l_firmwarer6900d6400r7000pwnr3500ldgnd2200bdgn2200_firmwarer6900_firmwarer7900_firmwarer6300r6400r6700_firmwarer7900p_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.24% / 47.19%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 21:07
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects DGN2200 before 1.0.0.58, DGN2200B before 1.0.0.58, D8500 before 1.0.3.42, D7000v2 before 1.0.0.51, D6400 before 1.0.0.80, D6220 before 1.0.0.44, EX7000 before 1.0.0.66, EX6200 before 1.0.3.88, EX6150 before 1.0.0.42, EX7500 before 1.0.0.46, JNDR3000 before 1.0.0.24, R8000 before 1.0.4.18, R8500 before 1.0.2.122, R8300 before 1.0.2.122, R7900P before 1.4.0.10, R8000P before 1.4.0.10, R7900 before 1.0.2.16, R7000P before 1.3.1.44, R7300DST before 1.0.0.68, R7100LG before 1.0.0.46, R6900P before 1.3.1.44, R7000 before 1.0.9.32, R6900 before 1.0.1.46, R6700 before 1.0.1.46, R6400v2 before 1.0.2.56, R6400 before 1.0.1.42, R6300v2 before 1.0.4.28, R6250 before 1.0.4.26, WNDR4500v2 before 1.0.0.72, and WNR3500Lv2 before 1.2.0.54.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex7500r8000r6400_firmwareex7000ex6200r7100lgr7900r6900pr8000pr6900p_firmwared6220ex7500_firmwarer8500_firmwarer8300r7300dst_firmwarer7100lg_firmwaredgn2200r7000_firmwarer8000p_firmwared6400_firmwarewndr4500r7300dstd6220_firmwarer6300_firmwared8500_firmwaredgn2200b_firmwarer7900pr6250_firmwarer7000p_firmwarer8500d7000d8500dgn2200bd7000_firmwarer8300_firmwarer6700r7000wndr4500_firmwarewnr3500l_firmwareex6200_firmwareex6150d6400jndr3000_firmwarejndr3000r7000pr6900dgn2200_firmwarer6900_firmwarewnr3500lr7900_firmwareex7000_firmwarer6300r6400r6700_firmwarer7900p_firmwareex6150_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20719
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.55%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 15:46
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D8500 before 1.0.3.43, R6250 before 1.0.4.34, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R7000P before 1.4.1.30, R7100LG before 1.0.0.48, R7300DST before 1.0.0.68, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, and R8500 before 1.0.2.128.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500d7000d8500d7000_firmwarer8300_firmwarer8000r7900pr6400_firmwarer7100lgr7900r8000pr7000pd6400r6250d6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwarer7900_firmwarer8000_firmwarer8000p_firmwared6400_firmwarer7300dstd6220_firmwarer6400d8500_firmwarer6250_firmwarer7900p_firmwarer7000p_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20657
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.73% / 71.72%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 18:44
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7000wnr2020_firmwarer6120r6080d7000_firmwarewnr2020r6230r6700r6220_firmwarepr2000r6080_firmwarer6230_firmwarer6900r6120_firmwared6200_firmwarer6800r6900_firmwarer6050_firmwarer6050pr2000_firmwarer6260r6260_firmwarer6220r6020d6200jr6150_firmwarejr6150r6700_firmwarer6020_firmwarer6800_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-9908
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.35% / 56.50%
||
7 Day CHG~0.00%
Published-13 Oct, 2024 | 12:00
Updated-16 Oct, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-619L B1 formSetMACFilter buffer overflow

A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument curTime leads to buffer overflow. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-619ldir-619l_firmwareDIR-619L B1dir-619l_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-54887
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.08% / 24.79%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 00:00
Updated-20 Jun, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr940ntl-wr940n_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-9067
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-8||HIGH
EPSS-0.18% / 39.61%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 20:31
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include:SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-smartax_ea5800_firmwaresmartax_ma5600t_firmwaresmartax_ea5800smartax_ma5800smartax_ma5600tsmartax_ma5800_firmwareSmartAX MA5800SmartAX EA5800SmartAX MA5600T
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-41596
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.07% / 21.72%
||
7 Day CHG~0.00%
Published-03 Oct, 2024 | 00:00
Updated-11 Jun, 2025 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor3910_firmwarevigor2915_firmwarevigor2866vigor2135_firmwarevigor2133vigor3220vigor2832vigor2915vigor2765_firmwarevigor3910vigor2133_firmwarevigor165_firmwarevigorlte200vigor2862vigor2926vigor2952vigor2865vigor2860vigorlte200_firmwarevigor2860_firmwarevigor2952_firmwarevigor2766vigor2766_firmwarevigor2962vigor2620vigor2135vigor2763_firmwarevigor166_firmwarevigor1000bvigor2962_firmwarevigor3912_firmwarevigor166vigor2866_firmwarevigor1000b_firmwarevigor3912vigor2765vigor2925_firmwarevigor2762_firmwarevigor2762vigor2620_firmwarevigor2865_firmwarevigor2832_firmwarevigor2862_firmwarevigor2925vigor3220_firmwarevigor2926_firmwarevigor165vigor2763n/avigor3910_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-41588
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.07% / 22.46%
||
7 Day CHG~0.00%
Published-03 Oct, 2024 | 00:00
Updated-11 Jun, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor3910_firmwarevigor2915_firmwarevigor2866vigor2135_firmwarevigor2133vigor3220vigor2832vigor2915vigor2765_firmwarevigor3910vigor2133_firmwarevigor165_firmwarevigorlte200vigor2862vigor2926vigor2952vigor2865vigor2860vigorlte200_firmwarevigor2860_firmwarevigor2952_firmwarevigor2766vigor2766_firmwarevigor2962vigor2620vigor2135vigor2763_firmwarevigor166_firmwarevigor1000bvigor2962_firmwarevigor3912_firmwarevigor166vigor2866_firmwarevigor1000b_firmwarevigor3912vigor2765vigor2925_firmwarevigor2762_firmwarevigor2762vigor2620_firmwarevigor2865_firmwarevigor2832_firmwarevigor2862_firmwarevigor2925vigor3220_firmwarevigor2926_firmwarevigor165vigor2763n/avigor3910_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21151
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 38.46%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 19:57
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7500_firmwared7800_firmwarer7800r8900r9000_firmwarewndr4500r9000r8900_firmwarewndr4300r7800_firmwarewndr4500_firmwared7800r7500wndr4300_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-18770
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 36.65%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:49
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7800 before 1.0.2.36, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7800plw1000_firmwareplw1010plw1010_firmwarer7800_firmwareplw1000n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-3182
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.08% / 24.01%
||
7 Day CHG~0.00%
Published-19 Jan, 2021 | 14:40
Updated-03 Aug, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dcs-5220_firmwaredcs-5220n/adcs-5220_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-46431
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.02% / 3.33%
||
7 Day CHG~0.00%
Published-10 Feb, 2025 | 00:00
Updated-25 Mar, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w18e_firmwarew18en/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-35787
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.14% / 34.50%
||
7 Day CHG~0.00%
Published-29 Dec, 2020 | 23:40
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6000_firmwarer6120r8900_firmwarer6220_firmwarepr2000r6080_firmwareex7000ex6200r6900pex8000r6120_firmwarer6900p_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r7000_firmwarer6220r6020d3600xr500_firmwarer6300_firmwarer6020_firmwarexr500r7000p_firmwared7000ex8000_firmwarer8900r9000_firmwarer6080d7000_firmwarer6700r7000d6000ex6200_firmwarer6900r7000pr9000d6200_firmwarer6900_firmwarer6050_firmwarer7800d6200jr6150jr6150_firmwareex7000_firmwarer6300r7800_firmwarer6700_firmwarer6800_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • Next
Details not found