Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-32975

Summary
Assigner-qnap
Assigner Org ID-2fd009eb-170a-4625-932b-17a53af1051f
Published At-08 Dec, 2023 | 16:07
Updated At-27 May, 2025 | 14:47
Rejected At-
Credits

QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qnap
Assigner Org ID:2fd009eb-170a-4625-932b-17a53af1051f
Published At:08 Dec, 2023 | 16:07
Updated At:27 May, 2025 | 14:47
Rejected At:
▼CVE Numbering Authority (CNA)
QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later

Affected Products
Vendor
QNAP Systems, Inc.QNAP Systems Inc.
Product
QTS
Default Status
unaffected
Versions
Affected
  • From 5.0.x before 5.0.1.2514 build 20230906 (custom)
  • From 5.1.x before 5.1.2.2533 build 20230926 (custom)
Vendor
QNAP Systems, Inc.QNAP Systems Inc.
Product
QuTS hero
Default Status
unaffected
Versions
Affected
  • From h5.0.x before h5.0.1.2515 build 20230907 (custom)
  • From h5.1.x before h5.1.2.2534 build 20230927 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120
Type: CWE
CWE ID: CWE-120
Description: CWE-120
Metrics
VersionBase scoreBase severityVector
3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100
CAPEC ID: CAPEC-100
Description: CAPEC-100
Solutions

We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later

Configurations
Workarounds
Exploits
Credits
finder
Jiaxu Zhao && Bingwei Peng
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qnap.com/en/security-advisory/qsa-23-07
N/A
Hyperlink: https://www.qnap.com/en/security-advisory/qsa-23-07
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qnap.com/en/security-advisory/qsa-23-07
x_transferred
Hyperlink: https://www.qnap.com/en/security-advisory/qsa-23-07
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@qnapsecurity.com.tw
Published At:08 Dec, 2023 | 16:15
Updated At:13 Dec, 2023 | 16:14

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CPE Matches
QNAP Systems, Inc.
qnap
>>qts>>5.1.0.2348
cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.1.0.2399
cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.1.0.2418
cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.1.0.2444
cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.1.0.2466
cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.1.1.2491
cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2034
cpe:2.3:o:qnap:qts:5.0.1.2034:build_20220515:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2079
cpe:2.3:o:qnap:qts:5.0.1.2079:build_20220629:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2131
cpe:2.3:o:qnap:qts:5.0.1.2131:build_20220820:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2137
cpe:2.3:o:qnap:qts:5.0.1.2137:build_20220826:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2145
cpe:2.3:o:qnap:qts:5.0.1.2145:build_20220903:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2173
cpe:2.3:o:qnap:qts:5.0.1.2173:build_20221001:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2194
cpe:2.3:o:qnap:qts:5.0.1.2194:build_20221022:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2234
cpe:2.3:o:qnap:qts:5.0.1.2234:build_20221201:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2248
cpe:2.3:o:qnap:qts:5.0.1.2248:build_20221215:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2277
cpe:2.3:o:qnap:qts:5.0.1.2277:build_20230112:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2346
cpe:2.3:o:qnap:qts:5.0.1.2346:build_20230322:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2376
cpe:2.3:o:qnap:qts:5.0.1.2376:build_20230421:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>qts>>5.0.1.2425
cpe:2.3:o:qnap:qts:5.0.1.2425:build_20230609:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.1.0.2409
cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.1.0.2424
cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.1.0.2453
cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.1.0.2466
cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.1.1.2488
cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.0.1.2045
cpe:2.3:o:qnap:quts_hero:h5.0.1.2045:build_20220526:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.0.1.2192
cpe:2.3:o:qnap:quts_hero:h5.0.1.2192:build_20221020:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.0.1.2248
cpe:2.3:o:qnap:quts_hero:h5.0.1.2248:build_20221215:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.0.1.2269
cpe:2.3:o:qnap:quts_hero:h5.0.1.2269:build_20230104:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.0.1.2277
cpe:2.3:o:qnap:quts_hero:h5.0.1.2277:build_20230112:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.0.1.2348
cpe:2.3:o:qnap:quts_hero:h5.0.1.2348:build_20230324:*:*:*:*:*:*
QNAP Systems, Inc.
qnap
>>quts_hero>>h5.0.1.2376
cpe:2.3:o:qnap:quts_hero:h5.0.1.2376:build_20230421:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primarysecurity@qnapsecurity.com.tw
CWE ID: CWE-120
Type: Primary
Source: security@qnapsecurity.com.tw
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.qnap.com/en/security-advisory/qsa-23-07security@qnapsecurity.com.tw
Vendor Advisory
Hyperlink: https://www.qnap.com/en/security-advisory/qsa-23-07
Source: security@qnapsecurity.com.tw
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

194Records found
CVE-2022-20879
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.48% / 63.95%
||
7 Day CHG-0.10%
Published-21 Jul, 2022 | 03:54
Updated-01 Nov, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-20886
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.48% / 63.95%
||
7 Day CHG+0.22%
Published-21 Jul, 2022 | 03:53
Updated-06 Nov, 2024 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-20911
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.39% / 59.49%
||
7 Day CHG-0.20%
Published-21 Jul, 2022 | 04:00
Updated-01 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-20897
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.38% / 58.85%
||
7 Day CHG+0.12%
Published-21 Jul, 2022 | 03:51
Updated-06 Nov, 2024 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-20888
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.48% / 63.95%
||
7 Day CHG+0.22%
Published-21 Jul, 2022 | 03:53
Updated-01 Nov, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-20912
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.38% / 58.85%
||
7 Day CHG-0.20%
Published-21 Jul, 2022 | 04:06
Updated-01 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-20902
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.38% / 58.85%
||
7 Day CHG-0.20%
Published-21 Jul, 2022 | 03:51
Updated-06 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-20898
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.38% / 58.85%
||
7 Day CHG+0.12%
Published-21 Jul, 2022 | 03:51
Updated-06 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-20876
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.48% / 63.95%
||
7 Day CHG-0.10%
Published-21 Jul, 2022 | 03:45
Updated-06 Nov, 2024 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-20889
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.38% / 58.85%
||
7 Day CHG-0.20%
Published-21 Jul, 2022 | 03:52
Updated-01 Nov, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-20880
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.48% / 63.95%
||
7 Day CHG-0.10%
Published-21 Jul, 2022 | 03:54
Updated-01 Nov, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-20892
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.38% / 58.85%
||
7 Day CHG+0.12%
Published-21 Jul, 2022 | 03:52
Updated-01 Nov, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-20875
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.48% / 63.95%
||
7 Day CHG-0.10%
Published-21 Jul, 2022 | 03:45
Updated-01 Nov, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-20893
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.38% / 58.85%
||
7 Day CHG+0.12%
Published-21 Jul, 2022 | 03:52
Updated-01 Nov, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-20882
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.48% / 63.95%
||
7 Day CHG+0.17%
Published-21 Jul, 2022 | 03:54
Updated-06 Nov, 2024 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-20901
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.38% / 58.85%
||
7 Day CHG-0.20%
Published-21 Jul, 2022 | 03:51
Updated-06 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-20881
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.48% / 63.95%
||
7 Day CHG-0.10%
Published-21 Jul, 2022 | 03:54
Updated-06 Nov, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-20904
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.58% / 67.91%
||
7 Day CHG+0.15%
Published-21 Jul, 2022 | 03:50
Updated-06 Nov, 2024 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-20884
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.48% / 63.95%
||
7 Day CHG+0.17%
Published-21 Jul, 2022 | 03:53
Updated-06 Nov, 2024 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-20899
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.38% / 58.85%
||
7 Day CHG+0.12%
Published-21 Jul, 2022 | 03:51
Updated-06 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-20894
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.38% / 58.85%
||
7 Day CHG+0.12%
Published-21 Jul, 2022 | 03:52
Updated-01 Nov, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-46122
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.41% / 60.77%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 15:27
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr840n_firmwaretl-wr840nn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-2851
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.14%
||
7 Day CHG~0.00%
Published-29 Jun, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.

Action-Not Available
Vendor-foscamFoscam
Product-c1_indoor_hd_camerac1_indoor_hd_camera_firmwareIndoor IP Camera C1 Series
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28184
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Active Directory configuration function

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28185
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - ActiveX configuration-1 acquisition

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28194
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Remote image configuration setting

The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28182
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Web Service configuration function

The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28175
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:01
Updated-16 Sep, 2024 | 23:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Radius configuration function

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28189
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - SMTP configuration function

The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28195
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Radius configuration function

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28200
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - CD media configuration function

The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28181
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Remote video configuration setting

The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28190
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.66% / 70.06%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Generate new certificate function

The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28196
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.66% / 70.06%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Generate SSL certificate function

The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-23850
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-6.8||MEDIUM
EPSS-0.27% / 49.91%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:03
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow vulnerability in the recovery image telnet server

A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.

Action-Not Available
Vendor-Robert Bosch GmbH
Product-flexidome_ip_panoramic_6000dinion_hd_720pdinion_ip_starlight_7000_hddinion_ip_ultra_8000flexidome_ip_starlight_7000_firmwareflexidome_ip_indoor_5000_hddinion_ip_5000_hddinion_ip_bullet_4000_firmwareflexidome_ip_starlight_5000i_firmwaremic_ip_starlight_7000ip_micro_2000_firmwaredinion_ip_starlight_7000_firmwaredinion_ip_thermal_8000_firmwaredinion_ip_bullet_4000autodome_ip_5000iautodome_ip_4000_hddinion_ip_bullet_5000autodome_ip_starlight_5000i_firmwaremic_ip_starlight_7100i_firmwaredinion_ip_thermal_9000_rmflexidome_corner_9000_mp_firmwareflexidome_ip_micro_2000_ipdinion_hd_1080pdinion_ip_starlight_8000_firmwareflexidome_ip_5000i_firmwareflexidome_hd_1080p_firmwarevandal-proof_flexidome_hd_1080p_hdrflexidome_ip_starlight_8000idinion_hd_1080p_hdr_firmwaremic_ip_starlight_7000i_firmwareip_bullet_5000_hd_firmwareip_bullet_4000_hd_firmwareflexidome_ip_micro_2000_hdmic_ip_starlight_7100iflexidome_ip_outdoor_4000_hd_firmwaredinion_ip_bullet_5000i_firmwaredinion_hd_720p_firmwareflexidome_ip_indoor_5000_hd_firmwareautodome_ip_5000i_firmwareautodome_ip_4000_hd_firmwareflexidome_ip_starlight_6000_firmwareautodome_ip_5000_ir_firmwareflexidome_ip_panoramic_5000_firmwareflexidome_ip_micro_2000_hd_firmwaremic_ip_fusion_9000iflexidome_ip_starlight_7000flexidome_ip_indoor_4000_hd_firmwareflexidome_ip_outdoor_4000_irflexidome_ip_outdoor_4000_ir_firmwareflexidome_ip_micro_5000_mp_firmwaredinion_hd_1080p_hdrflexidome_ip_outdoor_5000_hd_firmwaremic_ip_starlight_7000idinion_ip_starlight_6000autodome_7000autodome_ip_starlight_7000i_firmwareflexidome_ip_starlight_8000i_firmwaremic_ip_starlight_7000_firmwareip_bullet_4000_hdvandal-proof_flexidome_hd_1080p_firmwareflexidome_hd_1080p_hdrdinion_ip_5000_mp_firmwareaviotec_ip_starlight_8000_firmwareip_micro_2000_hddinion_ip_starlight_8000dinion_ip_thermal_8000flexidome_ip_panoramic_6000_firmwaredinion_ip_bullet_6000iflexidome_ip_starlight_6000dinion_ip_starlight_7000_hd_firmwareflexidome_ip_micro_2000_ip_firmwareflexidome_hd_720p_firmwaredinion_hd_1080p_firmwareflexidome_ip_panoramic_7000_firmwareflexidome_ip_panoramic_5000flexidome_ip_indoor_5000_mpdinion_ip_ultra_8000_firmwaredinion_ip_bullet_4000iflexidome_ip_outdoor_4000_hddinion_ip_3000iautodome_ip_starlight_7000iip_micro_2000_hd_firmwaredinion_ip_bullet_4000i_firmwarevandal-proof_flexidome_hd_1080p_hdr_firmwaredinion_ip_starlight_6000_firmwaremic_ip_dynamic_7000mic_ip_ultra_7100iflexidome_ip_indoor_4000_irtinyon_ip_2000dinion_ip_3000i_firmwaredinion_ip_starlight_7000dinion_ip_4000_hdflexidome_hd_1080p_hdr_firmwareflexidome_ip_outdoor_5000_mpvandal-proof_flexidome_hd_1080pmic_ip_fusion_9000i_firmwareautodome_ip_5000_irflexidome_ip_3000i_firmwaredinion_imager_9000_hdmic_ip_ultra_7100i_firmwareflexidome_corner_9000_mpautodome_ip_5000_hd_firmwaredinion_ip_5000_hd_firmwaredinion_ip_5000_mpmic_ip_dynamic_7000_firmwareflexidome_ip_4000iaviotec_ip_starlight_8000flexidome_ip_indoor_4000_ir_firmwareip_bullet_5000_hdflexidome_ip_outdoor_5000_mp_firmwarevandal-proof_flexidome_hd_720p_firmwareautodome_ip_4000i_firmwaretinyon_ip_2000_firmwareflexidome_ip_outdoor_5000_hdflexidome_ip_4000i_firmwaredinion_ip_4000_hd_firmwaredinion_ip_thermal_9000_rm_firmwareflexidome_ip_starlight_5000idinion_ip_bullet_5000iflexidome_ip_indoor_4000_hdflexidome_hd_1080pdinion_ip_bullet_5000_firmwareautodome_ip_4000iautodome_7000_firmwareflexidome_ip_micro_5000_mpdinion_ip_bullet_6000i_firmwaredinion_imager_9000_hd_firmwareflexidome_ip_5000iip_micro_2000flexidome_hd_720pvandal-proof_flexidome_hd_720pautodome_ip_starlight_5000iflexidome_ip_indoor_5000_mp_firmwareflexidome_ip_3000iflexidome_ip_panoramic_7000autodome_ip_5000_hdCPP Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-23851
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-6.8||MEDIUM
EPSS-0.24% / 46.44%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:03
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow vulnerability in the recovery image web-based interface

A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.

Action-Not Available
Vendor-Robert Bosch GmbH
Product-flexidome_ip_panoramic_6000dinion_hd_720pdinion_ip_starlight_7000_hddinion_ip_ultra_8000flexidome_ip_starlight_7000_firmwareflexidome_ip_indoor_5000_hddinion_ip_5000_hddinion_ip_bullet_4000_firmwareflexidome_ip_starlight_5000i_firmwaremic_ip_starlight_7000ip_micro_2000_firmwaredinion_ip_starlight_7000_firmwaredinion_ip_thermal_8000_firmwaredinion_ip_bullet_4000autodome_ip_5000iautodome_ip_4000_hddinion_ip_bullet_5000autodome_ip_starlight_5000i_firmwaremic_ip_starlight_7100i_firmwaredinion_ip_thermal_9000_rmflexidome_corner_9000_mp_firmwareflexidome_ip_micro_2000_ipdinion_hd_1080pdinion_ip_starlight_8000_firmwareflexidome_ip_5000i_firmwareflexidome_hd_1080p_firmwarevandal-proof_flexidome_hd_1080p_hdrflexidome_ip_starlight_8000idinion_hd_1080p_hdr_firmwaremic_ip_starlight_7000i_firmwareip_bullet_5000_hd_firmwareip_bullet_4000_hd_firmwareflexidome_ip_micro_2000_hdmic_ip_starlight_7100iflexidome_ip_outdoor_4000_hd_firmwaredinion_ip_bullet_5000i_firmwaredinion_hd_720p_firmwareflexidome_ip_indoor_5000_hd_firmwareautodome_ip_5000i_firmwareautodome_ip_4000_hd_firmwareflexidome_ip_starlight_6000_firmwareautodome_ip_5000_ir_firmwareflexidome_ip_panoramic_5000_firmwareflexidome_ip_micro_2000_hd_firmwaremic_ip_fusion_9000iflexidome_ip_starlight_7000flexidome_ip_indoor_4000_hd_firmwareflexidome_ip_outdoor_4000_irflexidome_ip_outdoor_4000_ir_firmwareflexidome_ip_micro_5000_mp_firmwaredinion_hd_1080p_hdrflexidome_ip_outdoor_5000_hd_firmwaremic_ip_starlight_7000idinion_ip_starlight_6000autodome_7000autodome_ip_starlight_7000i_firmwareflexidome_ip_starlight_8000i_firmwaremic_ip_starlight_7000_firmwareip_bullet_4000_hdvandal-proof_flexidome_hd_1080p_firmwareflexidome_hd_1080p_hdrdinion_ip_5000_mp_firmwareaviotec_ip_starlight_8000_firmwareip_micro_2000_hddinion_ip_starlight_8000dinion_ip_thermal_8000flexidome_ip_panoramic_6000_firmwaredinion_ip_bullet_6000iflexidome_ip_starlight_6000dinion_ip_starlight_7000_hd_firmwareflexidome_ip_micro_2000_ip_firmwareflexidome_hd_720p_firmwaredinion_hd_1080p_firmwareflexidome_ip_panoramic_7000_firmwareflexidome_ip_panoramic_5000flexidome_ip_indoor_5000_mpdinion_ip_ultra_8000_firmwaredinion_ip_bullet_4000iflexidome_ip_outdoor_4000_hddinion_ip_3000iautodome_ip_starlight_7000iip_micro_2000_hd_firmwaredinion_ip_bullet_4000i_firmwarevandal-proof_flexidome_hd_1080p_hdr_firmwaredinion_ip_starlight_6000_firmwaremic_ip_dynamic_7000mic_ip_ultra_7100iflexidome_ip_indoor_4000_irtinyon_ip_2000dinion_ip_3000i_firmwaredinion_ip_starlight_7000dinion_ip_4000_hdflexidome_hd_1080p_hdr_firmwareflexidome_ip_outdoor_5000_mpvandal-proof_flexidome_hd_1080pmic_ip_fusion_9000i_firmwareautodome_ip_5000_irflexidome_ip_3000i_firmwaredinion_imager_9000_hdmic_ip_ultra_7100i_firmwareflexidome_corner_9000_mpautodome_ip_5000_hd_firmwaredinion_ip_5000_hd_firmwaredinion_ip_5000_mpmic_ip_dynamic_7000_firmwareflexidome_ip_4000iaviotec_ip_starlight_8000flexidome_ip_indoor_4000_ir_firmwareip_bullet_5000_hdflexidome_ip_outdoor_5000_mp_firmwarevandal-proof_flexidome_hd_720p_firmwareautodome_ip_4000i_firmwaretinyon_ip_2000_firmwareflexidome_ip_outdoor_5000_hdflexidome_ip_4000i_firmwaredinion_ip_4000_hd_firmwaredinion_ip_thermal_9000_rm_firmwareflexidome_ip_starlight_5000idinion_ip_bullet_5000iflexidome_ip_indoor_4000_hdflexidome_hd_1080pdinion_ip_bullet_5000_firmwareautodome_ip_4000iautodome_7000_firmwareflexidome_ip_micro_5000_mpdinion_ip_bullet_6000i_firmwaredinion_imager_9000_hd_firmwareflexidome_ip_5000iip_micro_2000flexidome_hd_720pvandal-proof_flexidome_hd_720pautodome_ip_starlight_5000iflexidome_ip_indoor_5000_mp_firmwareflexidome_ip_3000iflexidome_ip_panoramic_7000autodome_ip_5000_hdCPP Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-52757
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.17% / 38.83%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 00:00
Updated-22 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-8003_firmwaredi-8003n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-52755
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.29% / 52.15%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 00:00
Updated-22 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-8003_firmwaredi-8003n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28191
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Firmware update function

The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28177
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - LDAP configuration function

The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28180
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.66%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Audit log configuration setting

The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28187
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.66% / 70.06%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Generate new SSL certificate

The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z10pe-d16_ws_firmwarez10pr-d16_firmwareasmb8-ikvm_firmwarez10pe-d16_wsz10pr-d16asmb8-ikvmBMC firmware for Z10PR-D16BMC firmware for ASMB8-iKVMBMC firmware for Z10PE-D16 WS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28199
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.9||MEDIUM
EPSS-0.90% / 74.72%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 05:02
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS BMC's firmware: buffer overflow - Modify user’s information function

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-z11pa-d8_firmwarers500-e9-rs4_firmwarers500a-e9_rs4_u_firmwarers700-e9-rs12_firmwarews_c422_pro\/se_firmwareesc4000_g4_firmwarers720-e9-rs12-ers500-e9-rs4-u_firmwarers720q-e9-rs8_firmwarers300-e10-rs4_firmwarers100-e10-pi2rs700a-e9-rs4v2_firmwarez11pa-d8c_firmwarers720a-e9-rs12v2rs720q-e9-rs8-srs500a-e10-ps4rs700-e9-rs4_firmwarers500-e9-ps4ws_c422_pro\/sers500-e9-rs4esc8000_g4_firmwarers500a-e9_rs4_uz11pr-d16rs520-e9-rs12-e_firmwarers500a-e10-ps4_firmwarews_c621e_sagers500a-e10-rs4rs300-e10-rs4z11pa-d8rs700a-e9-rs12v2_firmwarez11pa-u12\/10g-2srs300-e10-ps4asmb9-ikvmrs500a-e10-rs4_firmwarez11pa-u12rs500a-e9-rs4rs720a-e9-rs24-eesc4000_dhd_g4_firmwarers700a-e9-rs4_firmwarers700a-e9-rs4v2esc8000_g4rs720a-e9-rs24-e_firmwarepro_e800_g4rs720q-e9-rs8rs720a-e9-rs24v2e700_g4_firmwarers500-e9-rs4-urs700-e9-rs4z11pr-d16_firmwarers100-e10-pi2_firmwareesc4000_g4x_firmwarers500-e9-ps4_firmwarers520-e9-rs8rs500a-e9-ps4_firmwarers700a-e9-rs12v2rs520-e9-rs8_firmwarers720q-e9-rs24-srs520-e9-rs12-epro_e800_g4_firmwarez11pa-u12_firmwarez11pa-d8cknpa-u16esc4000_g4rs500a-e9-rs4_firmwarers720q-e9-rs24-s_firmwarez11pa-u12\/10g-2s_firmwarers700-e9-rs12ws_c621e_sage_firmwareknpa-u16_firmwareesc4000_dhd_g4rs720-e9-rs12-e_firmwarews_x299_pro\/sews_x299_pro\/se_firmwarers500a-e9-ps4asmb9-ikvm_firmwarers700a-e9-rs4rs720-e9-rs24-uesc8000_g4\/10g_firmwarers720a-e9-rs24v2_firmwareesc4000_g4xrs300-e10-ps4_firmwarers720-e9-rs8-grs720a-e9-rs12v2_firmwarers720-e9-rs8-g_firmwaree700_g4rs720-e9-rs24-u_firmwarers720q-e9-rs8-s_firmwareesc8000_g4\/10gBMC firmware for KNPA-U16BMC firmware for RS720Q-E9-RS24-SBMC firmware for ESC4000 G4XBMC firmware for RS500A-E9-RS4BMC firmware for Z11PA-D8BMC firmware for Z11PA-U12BMC firmware for ESC4000 DHD G4BMC firmware for RS720A-E9-RS12V2BMC firmware for WS C621E SAGEBMC firmware for RS500A-E10-RS4BMC firmware for RS520-E9-RS8BMC firmware for Pro E800 G4BMC firmware for RS500A-E9-PS4BMC firmware for RS500-E9-RS4BMC firmware for RS720-E9-RS24-UBMC firmware for Z11PA-U12/10G-2SBMC firmware for RS700A-E9-RS12V2BMC firmware for ASMB9-iKVMBMC firmware for RS720-E9-RS8-GBMC firmware for RS720A-E9-RS24V2BMC firmware for ESC4000 G4BMC firmware for RS500A-E10-PS4BMC firmware for RS700A-E9-RS4BMC firmware for E700 G4BMC firmware for RS100-E10-PI2BMC firmware for RS500-E9-PS4BMC firmware for ESC8000 G4BMC firmware for RS700-E9-RS4BMC firmware for Z11PR-D16BMC firmware for RS500-E9-RS4-UBMC firmware for RS720Q-E9-RS8-SBMC firmware for RS700-E9-RS12BMC firmware for RS720-E9-RS12-EBMC firmware for RS720Q-E9-RS8BMC firmware for ESC8000 G4/10GBMC firmware for Z11PA-D8CBMC firmware for RS500A-E9 RS4BMC firmware for RS300-E10-RS4BMC firmware for RS300-E10-PS4BMC firmware for RS700A-E9-RS4V2BMC firmware for WS C422 PRO/SEBMC firmware for RS520-E9-RS12-EBMC firmware for WS X299 PRO/SEBMC firmware for RS720A-E9-RS24-E
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-37184
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.16% / 37.67%
||
7 Day CHG-0.01%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found