Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-10238

Summary
Assigner-Supermicro
Assigner Org ID-def9a96e-e099-41a9-bfac-30fd4f82c411
Published At-04 Feb, 2025 | 08:00
Updated At-04 Feb, 2025 | 14:33
Rejected At-
Credits

fld->used_bytes without sanity check causes stack overflow

A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow is caused by not checking fld->used_bytes.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Supermicro
Assigner Org ID:def9a96e-e099-41a9-bfac-30fd4f82c411
Published At:04 Feb, 2025 | 08:00
Updated At:04 Feb, 2025 | 14:33
Rejected At:
▼CVE Numbering Authority (CNA)
fld->used_bytes without sanity check causes stack overflow

A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow is caused by not checking fld->used_bytes.

Affected Products
Vendor
SMCI
Product
MBD-X12DPG-OA6
Platforms
  • BMC
Default Status
unaffected
Versions
Affected
  • 1.04.16 (BMC)
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121: Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121: Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-112CAPEC-112: Overflow Buffers
CAPEC ID: CAPEC-112
Description: CAPEC-112: Overflow Buffers
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025
N/A
Hyperlink: https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:def9a96e-e099-41a9-bfac-30fd4f82c411
Published At:04 Feb, 2025 | 08:15
Updated At:04 Feb, 2025 | 08:15

A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow is caused by not checking fld->used_bytes.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-121Secondarydef9a96e-e099-41a9-bfac-30fd4f82c411
CWE ID: CWE-121
Type: Secondary
Source: def9a96e-e099-41a9-bfac-30fd4f82c411
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025def9a96e-e099-41a9-bfac-30fd4f82c411
N/A
Hyperlink: https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025
Source: def9a96e-e099-41a9-bfac-30fd4f82c411
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

232Records found
CVE-2023-25107
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_subnet and the remote_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25085
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.06% / 19.44%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dst variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25109
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_ip variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25090
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and in_acl variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25106
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_virtual_ip and the local_virtual_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25117
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the local_virtual_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25103
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_ip and the gre_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25088
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and description variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25115
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.30%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_ip and the port variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25098
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-15 Nov, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the source variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36301
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-13.33% / 93.91%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 20:00
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idrac8_firmwareemc_idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36347
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.2||MEDIUM
EPSS-1.77% / 81.91%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 22:15
Updated-16 Sep, 2024 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system.

Action-Not Available
Vendor-Dell Inc.
Product-integrated_dell_remote_access_controller_9integrated_dell_remote_access_controller_8_firmwareintegrated_dell_remote_access_controller_8integrated_dell_remote_access_controller_9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25091
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25119
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_pptp function with the remote_subnet and the remote_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25102
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the hub_ip and the hub_gre_ip variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25121
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_local variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25108
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_ip variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25097
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the attach_class variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25112
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.30%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-18 Nov, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the remote_subnet and the remote_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25095
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings that represent negated commands.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25111
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the key variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25093
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-14 Nov, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the class_name variable..

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25087
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-15 Nov, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dport variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-15695
Matching Score-4
Assigner-Kaspersky
ShareView Details
Matching Score-4
Assigner-Kaspersky
CVSS Score-7.2||HIGH
EPSS-3.42% / 87.00%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 15:24
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

Action-Not Available
Vendor-tigervncopenSUSEKaspersky Lab
Product-tigervncleapTigerVNC
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-20250
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.57%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 16:59
Updated-24 Oct, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmwaresmall_business_rv_series_router_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1332
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.19%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:41
Updated-08 Nov, 2024 | 23:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1183
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.19%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:21
Updated-12 Nov, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1198
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.19%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:22
Updated-12 Nov, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1177
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.19%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:20
Updated-12 Nov, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1331
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.19%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:41
Updated-08 Nov, 2024 | 23:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-25478
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.2||HIGH
EPSS-0.23% / 45.81%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:09
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-33549
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-89.59% / 99.53%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-17 Sep, 2024 | 00:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Buffer overflow in action parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-33547
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-19.04% / 95.10%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Buffer overflow in profile parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-39357
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.47% / 63.47%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-33545
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-19.04% / 95.10%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-17 Sep, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Buffer overflow in counter parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-33546
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-19.04% / 95.10%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-17 Sep, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Buffer overflow in name parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-23851
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-6.8||MEDIUM
EPSS-0.24% / 46.46%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:03
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow vulnerability in the recovery image web-based interface

A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.

Action-Not Available
Vendor-Robert Bosch GmbH
Product-flexidome_ip_panoramic_6000dinion_hd_720pdinion_ip_starlight_7000_hddinion_ip_ultra_8000flexidome_ip_starlight_7000_firmwareflexidome_ip_indoor_5000_hddinion_ip_5000_hddinion_ip_bullet_4000_firmwareflexidome_ip_starlight_5000i_firmwaremic_ip_starlight_7000ip_micro_2000_firmwaredinion_ip_starlight_7000_firmwaredinion_ip_thermal_8000_firmwaredinion_ip_bullet_4000autodome_ip_5000iautodome_ip_4000_hddinion_ip_bullet_5000autodome_ip_starlight_5000i_firmwaremic_ip_starlight_7100i_firmwaredinion_ip_thermal_9000_rmflexidome_corner_9000_mp_firmwareflexidome_ip_micro_2000_ipdinion_hd_1080pdinion_ip_starlight_8000_firmwareflexidome_ip_5000i_firmwareflexidome_hd_1080p_firmwarevandal-proof_flexidome_hd_1080p_hdrflexidome_ip_starlight_8000idinion_hd_1080p_hdr_firmwaremic_ip_starlight_7000i_firmwareip_bullet_5000_hd_firmwareip_bullet_4000_hd_firmwareflexidome_ip_micro_2000_hdmic_ip_starlight_7100iflexidome_ip_outdoor_4000_hd_firmwaredinion_ip_bullet_5000i_firmwaredinion_hd_720p_firmwareflexidome_ip_indoor_5000_hd_firmwareautodome_ip_5000i_firmwareautodome_ip_4000_hd_firmwareflexidome_ip_starlight_6000_firmwareautodome_ip_5000_ir_firmwareflexidome_ip_panoramic_5000_firmwareflexidome_ip_micro_2000_hd_firmwaremic_ip_fusion_9000iflexidome_ip_starlight_7000flexidome_ip_indoor_4000_hd_firmwareflexidome_ip_outdoor_4000_irflexidome_ip_outdoor_4000_ir_firmwareflexidome_ip_micro_5000_mp_firmwaredinion_hd_1080p_hdrflexidome_ip_outdoor_5000_hd_firmwaremic_ip_starlight_7000idinion_ip_starlight_6000autodome_7000autodome_ip_starlight_7000i_firmwareflexidome_ip_starlight_8000i_firmwaremic_ip_starlight_7000_firmwareip_bullet_4000_hdvandal-proof_flexidome_hd_1080p_firmwareflexidome_hd_1080p_hdrdinion_ip_5000_mp_firmwareaviotec_ip_starlight_8000_firmwareip_micro_2000_hddinion_ip_starlight_8000dinion_ip_thermal_8000flexidome_ip_panoramic_6000_firmwaredinion_ip_bullet_6000iflexidome_ip_starlight_6000dinion_ip_starlight_7000_hd_firmwareflexidome_ip_micro_2000_ip_firmwareflexidome_hd_720p_firmwaredinion_hd_1080p_firmwareflexidome_ip_panoramic_7000_firmwareflexidome_ip_panoramic_5000flexidome_ip_indoor_5000_mpdinion_ip_ultra_8000_firmwaredinion_ip_bullet_4000iflexidome_ip_outdoor_4000_hddinion_ip_3000iautodome_ip_starlight_7000iip_micro_2000_hd_firmwaredinion_ip_bullet_4000i_firmwarevandal-proof_flexidome_hd_1080p_hdr_firmwaredinion_ip_starlight_6000_firmwaremic_ip_dynamic_7000mic_ip_ultra_7100iflexidome_ip_indoor_4000_irtinyon_ip_2000dinion_ip_3000i_firmwaredinion_ip_starlight_7000dinion_ip_4000_hdflexidome_hd_1080p_hdr_firmwareflexidome_ip_outdoor_5000_mpvandal-proof_flexidome_hd_1080pmic_ip_fusion_9000i_firmwareautodome_ip_5000_irflexidome_ip_3000i_firmwaredinion_imager_9000_hdmic_ip_ultra_7100i_firmwareflexidome_corner_9000_mpautodome_ip_5000_hd_firmwaredinion_ip_5000_hd_firmwaredinion_ip_5000_mpmic_ip_dynamic_7000_firmwareflexidome_ip_4000iaviotec_ip_starlight_8000flexidome_ip_indoor_4000_ir_firmwareip_bullet_5000_hdflexidome_ip_outdoor_5000_mp_firmwarevandal-proof_flexidome_hd_720p_firmwareautodome_ip_4000i_firmwaretinyon_ip_2000_firmwareflexidome_ip_outdoor_5000_hdflexidome_ip_4000i_firmwaredinion_ip_4000_hd_firmwaredinion_ip_thermal_9000_rm_firmwareflexidome_ip_starlight_5000idinion_ip_bullet_5000iflexidome_ip_indoor_4000_hdflexidome_hd_1080pdinion_ip_bullet_5000_firmwareautodome_ip_4000iautodome_7000_firmwareflexidome_ip_micro_5000_mpdinion_ip_bullet_6000i_firmwaredinion_imager_9000_hd_firmwareflexidome_ip_5000iip_micro_2000flexidome_hd_720pvandal-proof_flexidome_hd_720pautodome_ip_starlight_5000iflexidome_ip_indoor_5000_mp_firmwareflexidome_ip_3000iflexidome_ip_panoramic_7000autodome_ip_5000_hdCPP Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-23850
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-6.8||MEDIUM
EPSS-0.27% / 49.93%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:03
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow vulnerability in the recovery image telnet server

A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.

Action-Not Available
Vendor-Robert Bosch GmbH
Product-flexidome_ip_panoramic_6000dinion_hd_720pdinion_ip_starlight_7000_hddinion_ip_ultra_8000flexidome_ip_starlight_7000_firmwareflexidome_ip_indoor_5000_hddinion_ip_5000_hddinion_ip_bullet_4000_firmwareflexidome_ip_starlight_5000i_firmwaremic_ip_starlight_7000ip_micro_2000_firmwaredinion_ip_starlight_7000_firmwaredinion_ip_thermal_8000_firmwaredinion_ip_bullet_4000autodome_ip_5000iautodome_ip_4000_hddinion_ip_bullet_5000autodome_ip_starlight_5000i_firmwaremic_ip_starlight_7100i_firmwaredinion_ip_thermal_9000_rmflexidome_corner_9000_mp_firmwareflexidome_ip_micro_2000_ipdinion_hd_1080pdinion_ip_starlight_8000_firmwareflexidome_ip_5000i_firmwareflexidome_hd_1080p_firmwarevandal-proof_flexidome_hd_1080p_hdrflexidome_ip_starlight_8000idinion_hd_1080p_hdr_firmwaremic_ip_starlight_7000i_firmwareip_bullet_5000_hd_firmwareip_bullet_4000_hd_firmwareflexidome_ip_micro_2000_hdmic_ip_starlight_7100iflexidome_ip_outdoor_4000_hd_firmwaredinion_ip_bullet_5000i_firmwaredinion_hd_720p_firmwareflexidome_ip_indoor_5000_hd_firmwareautodome_ip_5000i_firmwareautodome_ip_4000_hd_firmwareflexidome_ip_starlight_6000_firmwareautodome_ip_5000_ir_firmwareflexidome_ip_panoramic_5000_firmwareflexidome_ip_micro_2000_hd_firmwaremic_ip_fusion_9000iflexidome_ip_starlight_7000flexidome_ip_indoor_4000_hd_firmwareflexidome_ip_outdoor_4000_irflexidome_ip_outdoor_4000_ir_firmwareflexidome_ip_micro_5000_mp_firmwaredinion_hd_1080p_hdrflexidome_ip_outdoor_5000_hd_firmwaremic_ip_starlight_7000idinion_ip_starlight_6000autodome_7000autodome_ip_starlight_7000i_firmwareflexidome_ip_starlight_8000i_firmwaremic_ip_starlight_7000_firmwareip_bullet_4000_hdvandal-proof_flexidome_hd_1080p_firmwareflexidome_hd_1080p_hdrdinion_ip_5000_mp_firmwareaviotec_ip_starlight_8000_firmwareip_micro_2000_hddinion_ip_starlight_8000dinion_ip_thermal_8000flexidome_ip_panoramic_6000_firmwaredinion_ip_bullet_6000iflexidome_ip_starlight_6000dinion_ip_starlight_7000_hd_firmwareflexidome_ip_micro_2000_ip_firmwareflexidome_hd_720p_firmwaredinion_hd_1080p_firmwareflexidome_ip_panoramic_7000_firmwareflexidome_ip_panoramic_5000flexidome_ip_indoor_5000_mpdinion_ip_ultra_8000_firmwaredinion_ip_bullet_4000iflexidome_ip_outdoor_4000_hddinion_ip_3000iautodome_ip_starlight_7000iip_micro_2000_hd_firmwaredinion_ip_bullet_4000i_firmwarevandal-proof_flexidome_hd_1080p_hdr_firmwaredinion_ip_starlight_6000_firmwaremic_ip_dynamic_7000mic_ip_ultra_7100iflexidome_ip_indoor_4000_irtinyon_ip_2000dinion_ip_3000i_firmwaredinion_ip_starlight_7000dinion_ip_4000_hdflexidome_hd_1080p_hdr_firmwareflexidome_ip_outdoor_5000_mpvandal-proof_flexidome_hd_1080pmic_ip_fusion_9000i_firmwareautodome_ip_5000_irflexidome_ip_3000i_firmwaredinion_imager_9000_hdmic_ip_ultra_7100i_firmwareflexidome_corner_9000_mpautodome_ip_5000_hd_firmwaredinion_ip_5000_hd_firmwaredinion_ip_5000_mpmic_ip_dynamic_7000_firmwareflexidome_ip_4000iaviotec_ip_starlight_8000flexidome_ip_indoor_4000_ir_firmwareip_bullet_5000_hdflexidome_ip_outdoor_5000_mp_firmwarevandal-proof_flexidome_hd_720p_firmwareautodome_ip_4000i_firmwaretinyon_ip_2000_firmwareflexidome_ip_outdoor_5000_hdflexidome_ip_4000i_firmwaredinion_ip_4000_hd_firmwaredinion_ip_thermal_9000_rm_firmwareflexidome_ip_starlight_5000idinion_ip_bullet_5000iflexidome_ip_indoor_4000_hdflexidome_hd_1080pdinion_ip_bullet_5000_firmwareautodome_ip_4000iautodome_7000_firmwareflexidome_ip_micro_5000_mpdinion_ip_bullet_6000i_firmwaredinion_imager_9000_hd_firmwareflexidome_ip_5000iip_micro_2000flexidome_hd_720pvandal-proof_flexidome_hd_720pautodome_ip_starlight_5000iflexidome_ip_indoor_5000_mp_firmwareflexidome_ip_3000iflexidome_ip_panoramic_7000autodome_ip_5000_hdCPP Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-10193
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-34.56% / 96.86%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 18:30
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.Redis Inc.
Product-ubuntu_linuxcommunications_operations_monitordebian_linuxenterprise_linux_server_ausopenstackenterprise_linuxredisenterprise_linux_eusenterprise_linux_server_tusredis
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-39603
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.47% / 63.47%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-38509
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-0.57% / 67.59%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 19:45
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.

Action-Not Available
Vendor-Lenovo Group Limited
Product-XClarity Controllerthinksystem_sr670_firmwarethinksystem_sr530_firmwarethinkagile_hx3375_firmwarethinksystem_sr570_firmwarethinksystem_sr675_v3_firmwarethinksystem_sr850_v2_firmwarethinksystem_sr665_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx2330_firmwarethinksystem_sd665_v3_firmwarethinksystem_sr665_v3_firmwarethinkagile_hx3520-g_firmwarethinkagile_hx3521-g_firmwarethinkagile_mx3530-h_firmwarethinksystem_sr850_v3_firmwarethinksystem_st250_v2_firmwarethinkagile_vx1320_firmwarethinksystem_sr158_firmwarethinkagile_vx3320_firmwarethinkagile_mx3331-h_firmwarethinkagile_hx7530_firmwarethinksystem_sr645_v3_firmwarethinkagile_mx3531-f_firmwarethinkagile_vx7530_firmwarethinkagile_hx1331_firmwarethinksystem_sr650_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinksystem_sr860_v3_firmwarethinkagile_vx5520_firmwarethinkagile_hx_enclosure_certified_node_firmwarethinksystem_st550_firmwarethinkagile_hx1521-r_firmwarethinkagile_mx1020_firmwarethinkagile_hx7520_firmwarethinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinksystem_sr150_firmwarethinkagile_hx7820_firmwarethinkagile_vx7320_n_firmwarethinksystem_sn850_firmwarethinkagile_hx1021_edg_firmwarethinkstation_p920_workstation_firmwarethinkagile_hx3720_firmwarethinkagile_hx7521_firmwarethinkagile_vx2320_firmwarethinksystem_sr250_v2_firmwarethinkagile_mx3330-h_firmwarethinkagile_hx2720-e_firmwarethinksystem_st250_firmwarethinksystem_sd650_dual_node_tray_firmwarethinkagile_hx5530_firmwarethinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinkagile_hx3330_firmwarethinksystem_sd530_firmwarethinksystem_st658_v3_firmwarethinksystem_sr670_v2_firmwarethinkagile_hx3321_firmwarethinksystem_sr630_v3_firmwarethinkagile_hx5521-c_firmwarethinkagile_mx3331-f_firmwarethinksystem_sr655_v3_firmwarethinkagile_hx2320-e_firmwarethinksystem_sn550_firmwarethinkagile_hx3331thinksystem_sr250_firmwarethinksystem_sr258_firmwarethinkagile_vx3520-g_firmwarethinksystem_se350_firmwarethinkagile_vx3720_firmwarethinkagile_hx1520-r_firmwarethinksystem_sr630_firmwarethinkagile_hx2321_firmwarethinkagile_vx7520_n_firmwarethinkagile_hx3721_firmwarethinksystem_sr860_v2_firmwarethinkagile_mx3330-f_firmwarethinksystem_sr550_firmwarethinksystem_sr850p_firmwarethinksystem_sr635_firmwarethinkagile_hx1321_firmwarethinkagile_hx1320_firmwarethinkagile_hx7531_firmwarethinksystem_sd650_v3_firmwarethinksystem_sr258_v2_firmwarethinkagile_vx3331_firmwarethinkagile_hx3320_firmwarethinkagile_vx7520_firmwarethinksystem_sr950_firmwarethinkagile_hx2331_firmwarethinkagile_vx2330_firmwarethinkagile_mx3530_f_firmwarethinksystem_st650_v2_firmwarethinksystem_st258_v2_firmwarethinkagile_vx3530-g_firmwarethinksystem_sr630_v2_firmwarethinksystem_st258_firmwarethinksystem_st650_v3_firmwarethinkagile_hx3376_firmwarethinkagile_hx5531_firmwarethinkagile_vx7330_firmwarethinkagile_vx7531_firmwarethinksystem_sr850_firmwarethinkagile_hx7821_firmwarethinkagile_vx5530_firmwarethinkagile_vx3330_firmwarethinksystem_sr590_firmwarethinksystem_st658_v2_firmwarethinksystem_sr645_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-31163
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.2||HIGH
EPSS-2.27% / 83.99%
||
7 Day CHG-0.95%
Published-14 Jun, 2024 | 06:52
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS Download Master - Buffer Overflow

ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-Download Master
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-27459
Matching Score-4
Assigner-OpenVPN Inc.
ShareView Details
Matching Score-4
Assigner-OpenVPN Inc.
CVSS Score-7.2||HIGH
EPSS-5.42% / 89.77%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 10:14
Updated-23 Aug, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.

Action-Not Available
Vendor-openvpnOpenVPNopenvpn
Product-openvpnOpenVPN GUIopenvpn_gui
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-39757
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.47% / 63.47%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-39359
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.47% / 63.47%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-36493
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.47% / 63.47%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-34884
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-0.18% / 39.49%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:32
Updated-27 Mar, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinksystem_sn550thinksystem_sr530_firmwarethinkagile_hx3375_firmwarethinksystem_sr570_firmwarethinksystem_sr158thinkagile_hx3721thinksystem_sd630_v2_firmwarethinksystem_sr665_firmwarethinkagile_hx3520-g_firmwarethinkagile_hx3521-g_firmwarethinkagile_mx3531_h_firmwarethinksystem_st250thinkagile_vx1320_firmwarethinksystem_sr850thinksystem_sr158_firmwarethinkagile_vx3320_firmwarethinkagile_vx7820thinksystem_sn850thinkagile_hx5520thinkagile_vx7530_firmwarethinkagile_vx3320thinkagile_vx5520_firmwarethinkagile_hx_enclosure_certified_node_firmwarethinksystem_st550_firmwarethinksystem_sr630thinksystem_sr950thinkagile_vx7320_nthinksystem_st658_v2thinkagile_hx1521-r_firmwarethinkagile_hx7820thinkagile_vx2320thinkagile_vx7520_nthinksystem_sd650_dwc_firmwarethinkagile_hx7520_firmwarethinkagile_vx_2u4nthinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinkagile_hx5520-cthinksystem_sr630_v2thinksystem_sr860_v2thinkagile_hx7820_firmwarethinkagile_hx3720thinksystem_sd530thinksystem_sn850_firmwarethinkagile_vx_4u_firmwarethinksystem_st650_v2thinksystem_sr258_v2thinkagile_hx7521_firmwarethinkagile_hx1021thinkagile_hx3375thinkagile_vx2320_firmwarethinksystem_sr250_v2_firmwarethinkagile_vx3330thinkagile_mx3330-h_firmwarethinkagile_hx2720-e_firmwarethinksystem_st250_firmwarethinksystem_sr570thinksystem_sd650-n_v2thinkagile_vx7520thinkagile_hx3321_firmwarethinksystem_sr670_v2_firmwarethinksystem_sr670_v2thinkagile_vx_4uthinkagile_mx3331-f_firmwarethinkagile_hx2320-e_firmwarethinkagile_hx7521thinkagile_vx5520thinksystem_sr550thinkagile_mx3330-hthinkagile_vx7530thinkagile_vx3520-g_firmwarethinksystem_se350_firmwarethinkagile_mx3530-hthinksystem_st250_v2thinkagile_hx2321_firmwarethinkagile_hx2321thinkagile_hx3721_firmwarethinkagile_mx3330-f_firmwarethinksystem_sr860_v2_firmwarethinksystem_sr850p_firmwarethinksystem_st258thinkagile_hx1320thinkagile_hx1321_firmwarethinkagile_vx_1se_certified_nodethinksystem_sr850pthinkagile_hx1320_firmwarethinksystem_sn550_v2thinkstation_p920_firmwarethinksystem_sr258_v2_firmwarethinkagile_hx3320_firmwarethinkagile_hx3521-gthinkagile_mx3530_f_firmwarethinksystem_st650_v2_firmwarethinkagile_mx3330-fthinksystem_st258_v2_firmwarethinksystem_st258_firmwarethinkagile_hx3376_firmwarethinkagile_vx2330thinkagile_vx7330_firmwarethinkagile_vx7531_firmwarethinkagile_hx7821_firmwarethinksystem_sr850_firmwarethinkagile_vx3330_firmwarethinksystem_st550thinkagile_vx3520-gthinksystem_st658_v2_firmwarethinkagile_vx7531thinkagile_vx_2u4n_firmwarethinksystem_sr670_firmwarethinksystem_sr150thinkagile_vx3720thinksystem_sr850_v2_firmwarethinksystem_sr250_v2thinksystem_sd650_v2_firmwarethinkagile_mx1021_firmwarethinkagile_mx3530-h_firmwarethinkagile_hx1321thinksystem_st250_v2_firmwarethinkagile_hx7520thinkagile_mx3331-h_firmwarethinkagile_hx2720-ethinksystem_sr650_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinkagile_hx3321thinksystem_sr530thinksystem_sr250thinkagile_hx5520_firmwarethinksystem_sr850_v2thinksystem_se350thinkagile_mx1020_firmwarethinkagile_mx1020thinksystem_sr665thinksystem_sr150_firmwarethinkagile_hx3520-gthinkedge_se450_firmwarethinkagile_vx7320_n_firmwarethinksystem_sr860thinkagile_hx7821thinkagile_hx3720_firmwarethinkagile_hx5521_firmwarethinksystem_sr645_firmwarethinkedge_se450thinkagile_hx_enclosure_certified_nodethinkagile_hx1021_firmwarethinkagile_vx3331thinksystem_st258_v2thinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinksystem_sd530_firmwarethinkagile_mx3331-hthinkagile_hx5521-c_firmwarethinksystem_sd650_v2thinkstation_p920thinkagile_vx_1se_certified_node_firmwarethinksystem_sr650_v2thinkagile_vx7330thinksystem_sn550_firmwarethinkagile_hx5521-cthinksystem_sr250_firmwarethinksystem_sr258_firmwarethinksystem_sr590_firmwarethinkagile_mx3530_fthinkagile_hx1520-rthinksystem_sd630_v2thinksystem_sd650_dwcthinkagile_hx1521-rthinkagile_hx1520-r_firmwarethinkagile_hx3320thinkagile_vx3720_firmwarethinksystem_sr630_firmwarethinkagile_mx1021thinkagile_vx7520_n_firmwarethinksystem_sr550_firmwarethinkagile_hx2320-ethinkagile_vx5530thinkagile_mx3331-fthinkagile_vx1320thinksystem_sr645thinksystem_sr670thinksystem_sr590thinkagile_vx3331_firmwarethinkagile_vx7520_firmwarethinksystem_sr950_firmwarethinkagile_vx2330_firmwarethinkagile_vx3530-g_firmwarethinksystem_sr630_v2_firmwarethinkagile_hx3376thinkagile_mx3531_hthinkagile_vx5530_firmwarethinkagile_vx3530-gthinksystem_sr650thinksystem_sr258thinkagile_hx5521thinkagile_mx3531-fthinkagile_mx3531-f_firmwareLenovo XClarity Controller
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-51979
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-7.2||HIGH
EPSS-0.22% / 44.65%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 07:20
Updated-26 Jun, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated stack based buffer overflow affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Konica Minolta, Inc.

An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631). The malformed request will contain an empty Origin header value and a malformed Referer header value. The Referer header value will trigger a stack based buffer overflow when the host value in the Referer header is processed and is greater than 64 bytes in length.

Action-Not Available
Vendor-FUJIFILM Business InnovationKonica Minolta, Inc.Brother Industries, LtdRicoh Company, Ltd.
Product-HL-L3210CWDCP-L2640DWMFC-L2690DWHL-L3295CDWTD-2320DSAMFC-L3745CDWDCP-T420WHL-J6010DWHL-EX470WHL-L8245CDWDCP-J572DWMFC-J893NMFC-J4440DWMFC-L2900DWDCP-L3528CDWMFC-L2886DWHL-L2386DWDCP-J4543NPT-E850TKW (for Vietnum)MFC-L8690CDWDCP-J982N-W/BTD-2125NMFC-L5850DWDCP-T835DWHL-L5212DNMFC-T920DWMFC-J3530DWHL-L2370DWXLDocuPrint P378 dMFC-L2715DW(for Tiwan, Koria)MFC-J939DNDCP-T436WMFC-L2835DWMFC-L2922DWMFC-L2800DWDCP-L2660DWMFC-J4535DW(XL)HL-B2080DWMFC-J5830DWMFC-L6900DWMFC-L2765DWDCP-T820DWPT-D800WMFC-J5335DWHL-L8260CDWHL-L6412DWDCP-L1632WMFC-L2960DWDCP-L2508DWHL-L2460DWDCP-J772DWMFC-L3755CDWMFC-T930DWPT-E550W (for US, EU)PT-E550W (for Tiwan, Hongkong)HL-L2375DWMFC-L8610CDWDocuPrint P360 dwMFC-4340DWEMFC-J5930DWMFC-EX670WDCP-J4140NPT-P950NWMFC-J5800CDWDCP-L8410CDWDCP-B7600DBMFC-J815DW XLDCP-B7638DNSP 230DNwDCP-L2640DNHL-L9430CDNDCP-L2647DWTD-2350DFMFC-J2340DWDCP-J928N-WBDCP-L3560CDWHL-L3300CDWHL-J7010CDWRJ-4250WBHL-L5215DNHL-L5102DWMFC-J7300CDWHL-L6300DWTTD-2130NDCP-T435WDCP-L5650DNMFC-L6810DWPJ-773DocuPrint M375 zMFC-J2330DWMFC-L3750CDWMFC-L2760DWMFC-J4940DNPT-E550W (for Russia)PT-E800WMFC-L5710DNDCP-L1638WSP-1HL-L6310DWDCP-T535DWMFC-J998DNHL-5595DNHHL-L2390DWQL-1115NWBMFC-8540DNDCP-L5600DNMFC-J998DWNTD-2135NMFC-J5945DWDCP-7190DNMFC-L5702DWHL-L2371DNPT-E850TKW (for Tiwan)MFC-L6720DWMFC-J5955DWHL-L6250DNMFC-J1170DWMFC-J890DWMFC-L3730CDNMFC-L6902DWMFC-J5630CDWDCP-J1700DWDCP-L2531DWHL-L5050DNDCP-B7548WMFC-L9610CDNMFC-L6702DWDCP-J987N-BHL-L5200DWDCP-T439WHL-L5228DWMFC-9150CDNHL-L2461DNHL-L2395DWMFC-J4540NDCP-J973N-W/BMFC-L8340CDWDCP-L2532DWRJ-2140HL-L9470CDNDCP-B7520DWMFC-J4345DW XLDCP-B7648DWHL-L3220CWEQL-810WcMFC-L3735CDNMFC-J7700CDWDCP-T825DWHL-L5100DNMFC-J898NMFC-L2750DWRHL-L2357DWDocuPrint P375 dwHL-B2100DBHL-L8360CDWTHL-L2325DWQL-1110NWBcMFC-L6820DWMFC-7890DNMFC-J1215WMFC-L5710DWMFC-L5902DWDCP-L3555CDWDCP-T735DWMFC-J6945DWMFC-B7811DWRJ-2050HL-L6410DNMFC-L5802DWHL-B2181DWMFC-L5912DWMFC-L5715DWMFC-J2740DWMFC-J805DWMFC-L2820DWXLHL-L8230CDWMFC-L2900DWXLMFC-J6980CDWDCP-J577NHL-L6415DWTD-2320DHL-L1230WDCP-T428WMFC-J6999CDWDCP-J981NDCP-L2551DWDocuPrint M378 dSP-1 (for Japan)DCP-J582NHL-L3240CDWMFC-J3540DWDocuPrint P285 dwDocuPrint P288 dwDCP-T525WDCP-J1203NHL-L2460DNDCP-T710W(for China)DCP-J1200W(XL)MFC-J4440NHL-L6415DWTMFC-J995DWTD-4420DNZDCP-B7578DWMFC-J6930DWMFC-J904NHL-L6217DWMFC-L6800DWHL-L6202DWHL-L2460DWXLMFC-L2712DNDCP-L5602DNDCP-T725DWDocuPrint P235 dHL-2595DWHL-L2467DWHL-L2351DWPT-E850TKW (for UAE)MFC-L2710DWRHL-5590DNMFC-J6583CDWDCP-T510WQL-1110NWBMFC-L2827DWTD-2350DSADCP-L5518DNMFC-J1800DWQL-820NWBHL-L8260CDNDocuPrint M378 dfHL-L2352DWMFC-T910DWMFC-J4443NDocuPrint P388 dwMFC-J6535DWDCP-J972NMFC-L5755DWDCP-T520WMFC-L2730DNMFC-L2827DWXLbizhub 5020iTD-4420DNDCP-T425WDCP-J987N-WMFC-J5855DW XLMFC-J7500CDWTD-2350DDCP-L2550DW(TWN)HL-L3280CDWMFC-J905NMFC-T925DWDocuPrint P275 dwMFC-L2862DWDCP-J914NMFC-L2771DWHL-L2440DWMFC-L6970DWMFC-J6995CDWMFC-L2980DWHL-L2370DWMFC-J4540DW(XL)DCP-L2535DWHL-L6210DWMFC-T4500DWMFC-L2770DWHL-L6402DWMFC-L9630CDNMFC-L5728DWDCP-L2551DNDCP-L2518DWHL-L2447DWMFC-J1605DNMFC-L2732DWDCP-L3550CDWMFC-J6957DWHL-L2420DWHL-L9410CDNDCP-L2530DWDCP-L1630WHL-L1238WMFC-L6750DWDCP-L3510CDWMFC-J995DW XLMFC-L6710DWMFC-J3930DWDCP-L2627DWEPT-E550W (for Vietnum)HL-L3290CDWDCP-L2548DWMFC-L5717DWMFC-J5345DWDCP-T236HL-B2150WDCP-C1210NMFC-J5740DWMFC-L2717DWMFC-L5750DWMFC-L5900DWDCP-L2550DNMFC-L3770CDWDCP-J1800DWHL-L5210DNMFC-J6947DWHL-EX415DWHL-J6000CDWHL-L2405WHL-L6210DWTHL-L6400DWMFC-L2751DWFAX-L2710DNDCP-L2680DWMFC-L6912DWHL-L5212DWDCP-J978N-W/BMFC-B7800DNMFC-L8390CDWTD-2310DHL-B2180DWBHL-3190CDWDocuPrint M275 zMFC-J5845DW(XL)DCP-C421WDCP-9030CDNHL-L3288CDWMFC-J5340DWMFC-J6959DWMFC-7895DWMFC-L2807DWbizhub 4020iDCP-J526NHL-L2370DNHL-L1808WMFC-L8610CDW(for Japan)DCP-L2600DWHL-B2158WMFC-T935DWMFC-L9635CDNDCP-L5660DNDCP-J915NDCP-L2627DWXLDCP-T830DWDocuPrint P378 dwDCP-L2550DWMFC-L6915DN CSPMFC-L2730DWRMFC-J6530DWHL-B2180DWHL-L2376DWHL-L6200DWQL-820NWBcMFC-J5340DWEbizhub 5000iMFC-J1500NDCP-L5512DNNFC-J903NHL-B2188DWMFC-L3740CDWEDCP-J1200WEMFC-B7810DWBMFC-J5730DWMFC-J690DWHL-L2350DWMFC-L2750DWXLDCP-T226MFC-L6915DNMFC-L5915DWHL-L6418DWDCP-L5510DWMFC-L2885DWHL-L2425DWADS-3000NTD-2350DFSAHL-L3270CDWMFC-L2730DWDCP-T710WHL-L3220CDWMFC-L2860DWDCP-T536DWDocuPrint M285 zHL-L6300DWMFC-L5800DWRJ-2150HL-L6450DWDCP-L3520CDWMFC-L2817DWDCP-J528NMFC-L2710DNDCP-L2550DNRDocuPrint P385 dwMFC-EX910MFC-L3740CDWDCP-L3515CDWMFC-L2820DWDCP-L1848Wbizhub 4000iMFC-L5700DNDocuPrint M288 dwDocuPrint M385 zMFC-J939DWNDCP-L5510DNHL-L6400DWTPT-P750WDCP-B7658DWDocuPrint M375 dfDCP-L2628DWM 340WMFC-L2860DWEMFC-J738DNHL-L2400DWEMFC-L2880DWDCP-L2605DWHL-L5210DWTMFC-L6950DWDCP-L2648DWDCP-J4143NHL-2590DNHL-L3220CWMFC-L3710CDWMFC-L2750DWMFC-B7720DNTD-4550DNWBMFC-T810W(for China)PT-E850TKW (for Thailand)PT-E550W (for Koria)MFC-L2716DWHL-L6200DWTHL-L5100DNTDocuPrint P375 dDCP-L2622DWHL-L6250DWHL-L5218DNMFC-L9570CDW(for Japan)HL-L2480DWMFC-L2710DWM 340FWHL-L2372DNHL-L1232WMFC-L3780CDWMFC-L2805DWMFC-L2710DNRMFC-J6935DWHL-L3228CDWHL-L9310CDWMFC-J3940DWMFC-J6555DW XLMFC-J6580CDWHL-L8360CDWADS-3600WMFC-L8900CDWMFC-J491DWDCP-T510W(for China)MFC-J1010DWHL-B2100DMFC-L6915DWDCP-J1200NDCP-L3520CDWEHL-L2865DWDCP-T230MFC-L2920DWMFC-L6900DWGMFC-J895DWMFC-B7810DWMFC-L3720CDWHL-L8240CDWDCP-T430WMFC-L3760CDWMFC-L3765CDWMFC-J6997CDWDCP-B7558WDCP-L2600DNFC-EX670MFC-J805DW XLDCP-B7608WPT-E850TKW (for China)DCP-7190DWMFC-J6730DWDCP-B7640DWDCP-J774DWMFC-L2712DWDCP-L2552DNMFC-J1012DWHL-L2385DWMFC-L2713DWDCP-L2625DWDCP-B7530DNFAX-L2800DWMFC-L2802DNMFC-J6983CDWMFC-J739DNHL-L3230CDWMFC-J6555DWDCP-T720DWDCP-L2627DWMFC-L5718DNMFC-L5715DNDCP-J1100DWDocuPrint M235 dwHL-L6400DWGPT-E550W (for Thailand)HL-J6000DWHL-L2370DNRDCP-B7620DWBDCP-7195DWHL-L6415DNHL-L2445DWMFC-J6940DWDCP-T238HL-L3230CDNHL-L5210DWDCP-B7535DWMFC-J4335DW(XL)MFC-J6740DWMFC-L9670CDNHL-L5215DWTD-4520DNMFC-J926N-WBADS-2800WMFC-EX915DWMFC-L2802DWRJ-3250WBMFC-J1300DWMFC-L2861DWMFC-T810WDCP-L2620DWMFC-L9570CDWMFC-J2730DWDCP-T225ADS-2400NDCP-7090DWMFC-J7100CDWMFC-L6700DWDCP-T730DWMFC-J1205W(XL)MFC-L3768CDWMFC-J739DWNDCP-B7628DWDCP-B7640DWBMFC-J6955DWMFC-L5700DWMFC-L2715DWDCP-B7650DWDCP-L3517CDWMFC-J5855DWMFC-J497DWDCP-J988NMFC-J6540DWEDCP-L2665DWPT-E850TKW (for Asia pacific, EU, US)HL-3160CDWDCP-L5662DNMFC-L9577CDWHL-L2400DWDCP-L3551CDWDocuPrint M288 zQL-810WHL-L5202DWMFC-J4340DW(XL)MFC-B7715DWDCP-T426WP 201WDCP-L5500DNSP 230SFNwMFC-J7600CDWDCP-B7600DDCP-L6600DWMFC-L2880DWXLPT-E550W (for China)MFC-J6540DWHL-JF1MFC-J5330DWPJ-883DCP-L3568CDWHL-L2375DWRDCP-L5502DNMFC-L2806DWMFC-9350CDWHL-T4000DWTD-2120NHL-L6415DN CSPPT-E850TKW (for Koria)HL-B2050DNDCP-J587NDocuPrint M235 zTD-2320DFMFC-L6910DNPT-P900WcDCP-J572NDCP-L2530DWRHL-5595DNHL-L5200DWTDCP-J1800NDCP-T530DWHL-J6100DWDCP-B7620DWDCP-L5652DNDCP-L5610DNHL-L2464DWHL-L3215CWHL-L2350DWRDCP-L2537DWMFC-L8395CDWMFC-J738DWNHL-L2465DWHL-L2475DWPT-P900WDCP-J1050DWDCP-T220DCP-J1140DWMFC-8530DN
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1339
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.19%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:41
Updated-08 Nov, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1202
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.51% / 65.19%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:15
Updated-12 Nov, 2024 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found