Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-32975

Summary
Assigner-qnap
Assigner Org ID-2fd009eb-170a-4625-932b-17a53af1051f
Published At-08 Dec, 2023 | 16:07
Updated At-27 May, 2025 | 14:47
Rejected At-
Credits

QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qnap
Assigner Org ID:2fd009eb-170a-4625-932b-17a53af1051f
Published At:08 Dec, 2023 | 16:07
Updated At:27 May, 2025 | 14:47
Rejected At:
▼CVE Numbering Authority (CNA)
QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later

Affected Products
Vendor
QNAP Systems, Inc.QNAP Systems Inc.
Product
QTS
Default Status
unaffected
Versions
Affected
  • From 5.0.x before 5.0.1.2514 build 20230906 (custom)
  • From 5.1.x before 5.1.2.2533 build 20230926 (custom)
Vendor
QNAP Systems, Inc.QNAP Systems Inc.
Product
QuTS hero
Default Status
unaffected
Versions
Affected
  • From h5.0.x before h5.0.1.2515 build 20230907 (custom)
  • From h5.1.x before h5.1.2.2534 build 20230927 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120
Type: CWE
CWE ID: CWE-120
Description: CWE-120
Metrics
VersionBase scoreBase severityVector
3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100
CAPEC ID: CAPEC-100
Description: CAPEC-100
Solutions

We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later

Configurations
Workarounds
Exploits
Credits
finder
Jiaxu Zhao && Bingwei Peng
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qnap.com/en/security-advisory/qsa-23-07
N/A
Hyperlink: https://www.qnap.com/en/security-advisory/qsa-23-07
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qnap.com/en/security-advisory/qsa-23-07
x_transferred
Hyperlink: https://www.qnap.com/en/security-advisory/qsa-23-07
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@qnapsecurity.com.tw
Published At:08 Dec, 2023 | 16:15
Updated At:13 Dec, 2023 | 16:14

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CPE Matches
QNAP Systems, Inc.
qnap
>>qts>>5.1.0.2348
cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.1.0.2399
cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.1.0.2418
cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.1.0.2444
cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.1.0.2466
cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.1.1.2491
cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2034
cpe:2.3:o:qnap:qts:5.0.1.2034:build_20220515:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2079
cpe:2.3:o:qnap:qts:5.0.1.2079:build_20220629:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2131
cpe:2.3:o:qnap:qts:5.0.1.2131:build_20220820:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2137
cpe:2.3:o:qnap:qts:5.0.1.2137:build_20220826:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2145
cpe:2.3:o:qnap:qts:5.0.1.2145:build_20220903:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2173
cpe:2.3:o:qnap:qts:5.0.1.2173:build_20221001:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2194
cpe:2.3:o:qnap:qts:5.0.1.2194:build_20221022:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2234
cpe:2.3:o:qnap:qts:5.0.1.2234:build_20221201:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2248
cpe:2.3:o:qnap:qts:5.0.1.2248:build_20221215:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2277
cpe:2.3:o:qnap:qts:5.0.1.2277:build_20230112:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2346
cpe:2.3:o:qnap:qts:5.0.1.2346:build_20230322:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2376
cpe:2.3:o:qnap:qts:5.0.1.2376:build_20230421:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2425
cpe:2.3:o:qnap:qts:5.0.1.2425:build_20230609:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.1.0.2409
cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.1.0.2424
cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.1.0.2453
cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.1.0.2466
cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.1.1.2488
cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.0.1.2045
cpe:2.3:o:qnap:quts_hero:h5.0.1.2045:build_20220526:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.0.1.2192
cpe:2.3:o:qnap:quts_hero:h5.0.1.2192:build_20221020:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.0.1.2248
cpe:2.3:o:qnap:quts_hero:h5.0.1.2248:build_20221215:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.0.1.2269
cpe:2.3:o:qnap:quts_hero:h5.0.1.2269:build_20230104:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.0.1.2277
cpe:2.3:o:qnap:quts_hero:h5.0.1.2277:build_20230112:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.0.1.2348
cpe:2.3:o:qnap:quts_hero:h5.0.1.2348:build_20230324:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.0.1.2376
cpe:2.3:o:qnap:quts_hero:h5.0.1.2376:build_20230421:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primarysecurity@qnapsecurity.com.tw
CWE ID: CWE-120
Type: Primary
Source: security@qnapsecurity.com.tw
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.qnap.com/en/security-advisory/qsa-23-07security@qnapsecurity.com.tw
Vendor Advisory
Hyperlink: https://www.qnap.com/en/security-advisory/qsa-23-07
Source: security@qnapsecurity.com.tw
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

194Records found
CVE-2024-37050
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.51% / 65.28%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 15:32
Updated-22 Nov, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-37044
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.51% / 65.28%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 15:33
Updated-22 Nov, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-QuTS heroQTS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-32763
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.69% / 70.79%
||
7 Day CHG~0.00%
Published-06 Sep, 2024 | 16:27
Updated-20 Sep, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-27129
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.32% / 54.15%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 16:08
Updated-11 Sep, 2024 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTSquts_heroqts
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-27128
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.32% / 54.15%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 16:08
Updated-11 Sep, 2024 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTSquts_heroqts
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-50361
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.35% / 56.60%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 15:01
Updated-11 Sep, 2024 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTSquts_heroqts
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-51367
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.42% / 61.23%
||
7 Day CHG~0.00%
Published-06 Sep, 2024 | 16:26
Updated-11 Sep, 2024 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-50364
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.17% / 38.88%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 15:01
Updated-11 Sep, 2024 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTSquts_heroqts
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-50362
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.35% / 56.60%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 15:01
Updated-11 Sep, 2024 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTSquts_heroqts
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-38687
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.81% / 73.31%
||
7 Day CHG~0.00%
Published-29 Dec, 2021 | 13:05
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack Overflow Vulnerability in Surveillance Station

A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-surveillance_stationqtsSurveillance Station
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-23364
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.66% / 70.14%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 03:51
Updated-24 Sep, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multimedia Console

A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.1 ( 2023/03/29 ) and later Multimedia Console 1.4.7 ( 2023/03/20 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-multimedia_consoleMultimedia Console
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-23363
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-1.28% / 78.74%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 03:50
Updated-24 Sep, 2024 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS

A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qtsQTS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-27130
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-81.38% / 99.13%
||
7 Day CHG-0.28%
Published-21 May, 2024 | 16:08
Updated-11 Sep, 2024 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTSquts_heroqts
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-53695
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 31.36%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 16:13
Updated-07 Mar, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HBS 3 Hybrid Backup Sync

A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to modify memory or crash processes. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.4.952 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-HBS 3 Hybrid Backup Sync
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2018-0721
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.63% / 69.43%
||
7 Day CHG~0.00%
Published-27 Nov, 2018 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Security Advisory for Vulnerabilities in QTS

Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qtsQTS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-38682
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-1.21% / 78.17%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 01:00
Updated-16 Sep, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 and later QTS 5.0.0: QVR Guard 2.1.3.0 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qvr_guardqvr_eliteqvr_proQVR ProQVR EliteQVR Guard
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38690
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-1.21% / 78.17%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 01:00
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qvr_guardqvr_eliteqvr_proQVR ProQVR EliteQVR Guard
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38692
Matching Score-6
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-6
Assigner-QNAP Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-1.21% / 78.17%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 01:00
Updated-16 Sep, 2024 | 23:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qvr_guardqvr_eliteqvr_proQVR ProQVR EliteQVR Guard
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45529
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.17% / 38.75%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:57
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects CBR40 before 2.3.5.12, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.30, R8000 before 1.0.4.52, and WNR3500Lv2 before 1.2.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40_firmwared8500d7000v2_firmwarer8000wnr3500lv2r6400_firmwarer6900pr7000r7900r7000pr6900p_firmwarecbr40d7000v2r7900_firmwarer7000_firmwarewnr3500lv2_firmwarer6400d8500_firmwarer8000_firmwarer7000p_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-45528
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.17% / 38.75%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:57
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6300v2 before 1.0.4.52, R6400 before 1.0.1.52, R6900 before 1.0.2.8, R7000 before 1.0.9.88, R7900 before 1.0.3.18, R8000 before 1.0.4.46, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX75 before 1.0.3.88, RAX80 before 1.0.3.88, and WNR3500Lv2 before 1.2.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6300v2_firmwarerax80r8000rax75wnr3500lv2r6400_firmwarer7000r6300v2rax80_firmwarer7900r6900r8000pr6900_firmwarer7900_firmwarer7000_firmwarer8000_firmwarer8000p_firmwarewnr3500lv2_firmwarerax75_firmwarer6400r7900pr7900p_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-46122
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.41% / 60.76%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 15:27
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr840n_firmwaretl-wr840nn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-52754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.17% / 38.84%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 00:00
Updated-22 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-8003_firmwaredi-8003n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-52757
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.17% / 38.84%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 00:00
Updated-22 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-8003_firmwaredi-8003n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2851
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.14%
||
7 Day CHG~0.00%
Published-29 Jun, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.

Action-Not Available
Vendor-foscamFoscam
Product-c1_indoor_hd_camerac1_indoor_hd_camera_firmwareIndoor IP Camera C1 Series
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-39770
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.12% / 30.95%
||
7 Day CHG-0.06%
Published-14 Jan, 2025 | 14:21
Updated-22 Aug, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `en_enable` POST parameter.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8wl-wn533a8_firmwareWavlink AC3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-39288
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.27% / 50.11%
||
7 Day CHG-0.02%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-39801
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.12% / 30.95%
||
7 Day CHG+0.02%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_bandwidth` POST parameter.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-39768
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.12% / 30.95%
||
7 Day CHG-0.06%
Published-14 Jan, 2025 | 14:21
Updated-22 Aug, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `cli_name` POST parameter.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8wl-wn533a8_firmwareWavlink AC3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-39358
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.16% / 37.68%
||
7 Day CHG-0.01%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-39802
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.12% / 30.95%
||
7 Day CHG+0.02%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_dat` POST parameter.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-39370
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.46% / 63.11%
||
7 Day CHG+0.01%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-39769
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.12% / 30.95%
||
7 Day CHG-0.06%
Published-14 Jan, 2025 | 14:21
Updated-22 Aug, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `cli_mac` POST parameter.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8wl-wn533a8_firmwareWavlink AC3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-39294
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.16% / 37.68%
||
7 Day CHG-0.01%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-39803
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.12% / 30.95%
||
7 Day CHG-0.06%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `sel_mode` POST parameter.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-37357
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.27% / 50.11%
||
7 Day CHG-0.02%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-36272
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.16% / 37.68%
||
7 Day CHG+0.07%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28196
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.66% / 70.06%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Generate SSL certificate function

The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28176
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:01
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - DNS configuration function

The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28184
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Active Directory configuration function

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28175
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:01
Updated-16 Sep, 2024 | 23:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Radius configuration function

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28194
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Remote image configuration setting

The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28183
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Web License configuration setting

The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28186
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - ActiveX configuration-2 acquisition

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28189
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - SMTP configuration function

The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28191
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Firmware update function

The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28188
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Modify user’s information function

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28202
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-17 Sep, 2024 | 02:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Service configuration-2 function

The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28178
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - UEFI configuration function

The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28190
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.66% / 70.06%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Generate new certificate function

The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28193
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - SMTP configuration function

The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found