Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-1051

Summary
Assigner-zdi
Assigner Org ID-99f1926a-a320-47d8-bbb5-42feb611262e
Published At-02 Jun, 2025 | 19:05
Updated At-03 Jun, 2025 | 02:02
Rejected At-
Credits

Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability

Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:zdi
Assigner Org ID:99f1926a-a320-47d8-bbb5-42feb611262e
Published At:02 Jun, 2025 | 19:05
Updated At:03 Jun, 2025 | 02:02
Rejected At:
▼CVE Numbering Authority (CNA)
Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability

Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865.

Affected Products
Vendor
Sonos
Product
Era 300
Default Status
unknown
Versions
Affected
  • 81.1-58074
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122: Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zerodayinitiative.com/advisories/ZDI-25-311/
x_research-advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-25-311/
Resource:
x_research-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:zdi-disclosures@trendmicro.com
Published At:02 Jun, 2025 | 19:15
Updated At:15 Aug, 2025 | 16:28

Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
sonos
sonos
>>era_300_firmware>>81.1-58074
cpe:2.3:o:sonos:era_300_firmware:81.1-58074:*:*:*:*:*:*:*
sonos
sonos
>>era_300>>-
cpe:2.3:h:sonos:era_300:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-122Primaryzdi-disclosures@trendmicro.com
CWE-787Primarynvd@nist.gov
CWE ID: CWE-122
Type: Primary
Source: zdi-disclosures@trendmicro.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.zerodayinitiative.com/advisories/ZDI-25-311/zdi-disclosures@trendmicro.com
Third Party Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-25-311/
Source: zdi-disclosures@trendmicro.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

171Records found
CVE-2023-32141
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.03%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-16 May, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the getpage and errorpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18419.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1360dap-2020_firmwaredap-1360_firmwaredap-2020DAP-1360dap-1360dap-2020
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32136
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.98%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-16 May, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:menu parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18414.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1360dap-2020_firmwaredap-1360_firmwaredap-2020DAP-1360dap-1360_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32144
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.42%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-16 May, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18454.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1360dap-2020_firmwaredap-1360_firmwaredap-2020DAP-1360dap-1360_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5998
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.31%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 18:41
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via notifybtstatus command.

Action-Not Available
Vendor-Canon Inc.
Product-powershot_g5xmark_iieos_5d_mark_iveos_d_rebel_sl1eos_200deos_kiss_x90_firmwareeos_d_rebel_t6s_firmwareeos_rp_goldeos_7d_mark_iieos_750d_firmwareeos_250d_firmwareeos_m2eos_m5eos_d_rebel_sl2eos_kiss_x9ieos_d_rebel_t5_firmwareeos_r_firmwareeos_80deos-1d_x_mkiieos_m10_firmwareeos_250deos_1500d_firmwareeos_kiss_x9eos_m10eos_d_rebel_t6i_firmwareeos_2000deos_1300deos_d_rebel_t7i_firmwareeos_hi_firmwareeos_kiss_meos_1200d_mg_firmwareeos_d_rebel_t5_reeos_rpeos_kiss_x70_firmwareeos_kiss_x7_firmwareeos-1d_xeos_6deos_d_rebel_sl2_firmwareeos_m5_firmwareeos_m50eos_5ds_reos_kiss_x80eos_7d_mark_ii_firmwareeos_hieos_5ds_firmwareeos_760deos_d_rebel_sl3_firmwareeos_1200deos_d_rebel_t7eos_4000d_firmwareeos_8000d_firmwareeos_1300d_firmwareeos-1d_ceos_6d_firmwareeos_8000deos_d_rebel_t5ieos_kiss_x7ieos_kiss_x70eos_kiss_m_firmwareeos_6d_mark_iieos_kiss_x10eos_800deos_70deos_700deos_d_rebel_t100_firmwareeos_750deos_d_rebel_t6seos_m50_firmwareeos-1d_c_firmwareeos_d_rebel_t5eos_m100eos_d_rebel_t100eos_77dpowershot_sx740_hseos_1200d_firmwareeos_100d_firmwareeos_kiss_x80_firmwareeos_d_rebel_t5i_firmwareeos_kiss_x7eos_200d_firmwareeos_3000d_firmwareeos_kiss_x8ieos_5d_mark_iii_firmwarepowershot_g5xmark_ii_firmwareeos_m3_firmwareeos_m6\(china\)eos_kiss_x9_firmwareeos_m6_firmwareeos_kiss_x8i_firmwareeos_5ds_r_firmwareeos_3000deos_kiss_x7i_firmwareeos_kiss_x9i_firmwareeos_rp_gold_firmwarepowershot_sx740_hs_firmwareeos_d_rebel_t5_re_firmwareeos_760d_firmwareeos_5d_mark_iv_firmwareeos_m6\(china\)_firmwareeos_rp_firmwareeos_700d_firmwareeos_2000d_firmwareeos_d_rebel_sl3eos_m3eos_1500deos_d_rebel_t7_firmwareeos_6d_mark_ii_firmwareeos_100deos_d_rebel_sl1_firmwareeos_1200d_mgeos_kiss_x90eos_800d_firmwareeos_5dseos-1d_x_mkii_firmwareeos-1d_x_firmwareeos_d_rebel_t6_firmwareeos_9000d_firmwareeos_d_rebel_t6eos_reos_d_rebel_t7ipowershot_sx70_hseos_m6eos_m2_firmwareeos_kiss_x10_firmwarepowershot_sx70_hs_firmwareeos_9000deos_80d_firmwareeos_77d_firmwareeos_m100_firmwareeos_5d_mark_iiieos_4000deos_70d_firmwareeos_d_rebel_t6iEOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5XmarkⅡ
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20685
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.91%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:17
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6200 before 1.1.00.32, D7000 before 1.0.1.68, DM200 before 1.0.0.58, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwaredm200_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000dm200r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20682
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.91%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:13
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20640
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.91%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 17:12
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20683
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.91%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:15
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20684
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.91%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:16
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27369
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.63%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-03 Jan, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability

NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing the request headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19840.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2009
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.68% / 70.56%
||
7 Day CHG~0.00%
Published-19 Jun, 2019 | 19:57
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120665616

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34978
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.72%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 21:44
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13511.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6260r6260_firmwareR6260
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34980
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.22% / 45.05%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 21:44
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. When parsing the SOAP_LOGIN_TOKEN environment variable, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14107.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6260_firmwarer6260R6260
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34982
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-4.18% / 88.26%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-14 Aug, 2025 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-ex6120r7000p_firmwarerax35v2v6510-1fxaus_firmwarerax45_firmwarerax15_firmwarev6510-1fxausex3700r7000pex7000_firmwarer8000_firmwareex6120_firmwarems80rax38v2_firmwared7000v2rax48_firmwarer6400_firmwarerax80r6400v2rax50srax35v2_firmwarer6700v3ex6130_firmwarer7000_firmwarers400r7850_firmwarer8300_firmwaredgn2200v4rax15d6220_firmwarerax200_firmwarer7850ex3800_firmwaremr80_firmwarers400_firmwarerax20_firmwarer8000p_firmwarerax40v2_firmwarer6900p_firmwarer7100lg_firmwared6400_firmwarerax43r7900plax20_firmwarewndr3400v3_firmwarexr300_firmwarer6900pex3700_firmwarerax20rax42_firmwareraxe450mr60raxe500_firmwaremr60_firmwarerax50dgn2200v4_firmwarexr300dc112alax20r7100lgms80_firmwarer6400v2_firmwarerax43_firmwarerax45rax75rax75_firmwarerax48rax50s_firmwarerax40v2ex7500_firmwared7000v2_firmwarerax200wnr3500lv2_firmwarer6700v3_firmwarems60ms60_firmwarer7900p_firmwarer6400rax80_firmwarexr1000r7000r8000wnr3500lv2rax50_firmwareex7500ex7000ex6130r7960p_firmwarer7960pmr80ex3800wndr3400v3raxe450_firmwarer8000pr8500rax38v2raxe500r8300d6400rax42r8500_firmwarexr1000_firmwared6220dc112a_firmwareMultiple Routersmultiple_router_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-4833
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-1.01% / 76.16%
||
7 Day CHG~0.00%
Published-14 Jun, 2018 | 16:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_wimaxscalance_x414simatic_rf182csimatic_rf182c_firmwarescalance_x408_firmwareruggedcom_wimax_firmwarescalance_x204rna_firmwarescalance_x300rfid_181-eip_firmwarescalance_x200irt_firmwarescalance_x300_firmwarescalance_x200irtscalance_x414_firmwarerfid_181-eipscalance_x200_firmwarescalance_x408scalance_x204rnascalance_x200RFID 181EIPSCALANCE X-200 switch family (incl. SIPLUS NET variants)SCALANCE X408SCALANCE X-200RNA switch familyRUGGEDCOM WinSCALANCE X414SIMATIC RF182CSCALANCE X-300 switch family (incl. SIPLUS NET variants)SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-20
Improper Input Validation
CVE-2018-21204
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.64%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:11
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwarewndr3700wndr3700_firmwarewndr4500_firmwared7800r6100_firmwarer9000r7500wndr4300_firmwarer7500_firmwarer7800wndr4500r6100wndr4300r7800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6496
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.35% / 86.82%
||
7 Day CHG~0.00%
Published-19 Jan, 2019 | 17:00
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.

Action-Not Available
Vendor-marvelln/a
Product-88w8801_firmware88w889788w8997_firmware88w8787_firmware88w878788w879788w8797_firmware88w899788w8897_firmware88w8801n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5948
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-4.30% / 88.43%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 19:40
Updated-07 Aug, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart boundaries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23170.

Action-Not Available
Vendor-deepseaelectronicsDeep Sea Electronicsdeep_sea_electronics
Product-dse855dse855_firmwareDSE855dse855
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-31439
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.03% / 76.49%
||
7 Day CHG~0.00%
Published-21 May, 2021 | 00:00
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.

Action-Not Available
Vendor-netatalkDebian GNU/LinuxSynology, Inc.
Product-diskstation_managernetatalkdebian_linuxDiskStation Manager
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5999
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.75%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 18:41
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via blerequest command.

Action-Not Available
Vendor-Canon Inc.
Product-powershot_g5xmark_iieos_5d_mark_iveos_d_rebel_sl1eos_200deos_kiss_x90_firmwareeos_d_rebel_t6s_firmwareeos_rp_goldeos_7d_mark_iieos_750d_firmwareeos_250d_firmwareeos_m2eos_m5eos_d_rebel_sl2eos_kiss_x9ieos_d_rebel_t5_firmwareeos_r_firmwareeos_80deos-1d_x_mkiieos_m10_firmwareeos_250deos_1500d_firmwareeos_kiss_x9eos_m10eos_d_rebel_t6i_firmwareeos_2000deos_1300deos_d_rebel_t7i_firmwareeos_hi_firmwareeos_kiss_meos_1200d_mg_firmwareeos_d_rebel_t5_reeos_rpeos_kiss_x70_firmwareeos_kiss_x7_firmwareeos-1d_xeos_6deos_d_rebel_sl2_firmwareeos_m5_firmwareeos_m50eos_5ds_reos_kiss_x80eos_7d_mark_ii_firmwareeos_hieos_5ds_firmwareeos_760deos_d_rebel_sl3_firmwareeos_1200deos_d_rebel_t7eos_4000d_firmwareeos_8000d_firmwareeos_1300d_firmwareeos-1d_ceos_6d_firmwareeos_8000deos_d_rebel_t5ieos_kiss_x7ieos_kiss_x70eos_kiss_m_firmwareeos_6d_mark_iieos_kiss_x10eos_800deos_70deos_700deos_d_rebel_t100_firmwareeos_750deos_d_rebel_t6seos_m50_firmwareeos-1d_c_firmwareeos_d_rebel_t5eos_m100eos_d_rebel_t100eos_77dpowershot_sx740_hseos_1200d_firmwareeos_100d_firmwareeos_kiss_x80_firmwareeos_d_rebel_t5i_firmwareeos_kiss_x7eos_200d_firmwareeos_3000d_firmwareeos_kiss_x8ieos_5d_mark_iii_firmwarepowershot_g5xmark_ii_firmwareeos_m3_firmwareeos_m6\(china\)eos_kiss_x9_firmwareeos_m6_firmwareeos_kiss_x8i_firmwareeos_5ds_r_firmwareeos_3000deos_kiss_x7i_firmwareeos_kiss_x9i_firmwareeos_rp_gold_firmwarepowershot_sx740_hs_firmwareeos_d_rebel_t5_re_firmwareeos_760d_firmwareeos_5d_mark_iv_firmwareeos_m6\(china\)_firmwareeos_rp_firmwareeos_700d_firmwareeos_2000d_firmwareeos_d_rebel_sl3eos_m3eos_1500deos_d_rebel_t7_firmwareeos_6d_mark_ii_firmwareeos_100deos_d_rebel_sl1_firmwareeos_1200d_mgeos_kiss_x90eos_800d_firmwareeos_5dseos-1d_x_mkii_firmwareeos-1d_x_firmwareeos_d_rebel_t6_firmwareeos_9000d_firmwareeos_d_rebel_t6eos_reos_d_rebel_t7ipowershot_sx70_hseos_m6eos_m2_firmwareeos_kiss_x10_firmwarepowershot_sx70_hs_firmwareeos_9000deos_80d_firmwareeos_77d_firmwareeos_m100_firmwareeos_5d_mark_iiieos_4000deos_70d_firmwareeos_d_rebel_t6iEOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5XmarkⅡ
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6000
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.75%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 18:41
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via sendhostinfo command.

Action-Not Available
Vendor-Canon Inc.
Product-powershot_g5xmark_iieos_5d_mark_iveos_d_rebel_sl1eos_200deos_kiss_x90_firmwareeos_d_rebel_t6s_firmwareeos_rp_goldeos_7d_mark_iieos_750d_firmwareeos_250d_firmwareeos_m2eos_m5eos_d_rebel_sl2eos_kiss_x9ieos_d_rebel_t5_firmwareeos_r_firmwareeos_80deos-1d_x_mkiieos_m10_firmwareeos_250deos_1500d_firmwareeos_kiss_x9eos_m10eos_d_rebel_t6i_firmwareeos_2000deos_1300deos_d_rebel_t7i_firmwareeos_hi_firmwareeos_kiss_meos_1200d_mg_firmwareeos_d_rebel_t5_reeos_rpeos_kiss_x70_firmwareeos_kiss_x7_firmwareeos-1d_xeos_6deos_d_rebel_sl2_firmwareeos_m5_firmwareeos_m50eos_5ds_reos_kiss_x80eos_7d_mark_ii_firmwareeos_hieos_5ds_firmwareeos_760deos_d_rebel_sl3_firmwareeos_1200deos_d_rebel_t7eos_4000d_firmwareeos_8000d_firmwareeos_1300d_firmwareeos-1d_ceos_6d_firmwareeos_8000deos_d_rebel_t5ieos_kiss_x7ieos_kiss_x70eos_kiss_m_firmwareeos_6d_mark_iieos_kiss_x10eos_800deos_70deos_700deos_d_rebel_t100_firmwareeos_750deos_d_rebel_t6seos_m50_firmwareeos-1d_c_firmwareeos_d_rebel_t5eos_m100eos_d_rebel_t100eos_77dpowershot_sx740_hseos_1200d_firmwareeos_100d_firmwareeos_kiss_x80_firmwareeos_d_rebel_t5i_firmwareeos_kiss_x7eos_200d_firmwareeos_3000d_firmwareeos_kiss_x8ieos_5d_mark_iii_firmwarepowershot_g5xmark_ii_firmwareeos_m3_firmwareeos_m6\(china\)eos_kiss_x9_firmwareeos_m6_firmwareeos_kiss_x8i_firmwareeos_5ds_r_firmwareeos_3000deos_kiss_x7i_firmwareeos_kiss_x9i_firmwareeos_rp_gold_firmwarepowershot_sx740_hs_firmwareeos_d_rebel_t5_re_firmwareeos_760d_firmwareeos_5d_mark_iv_firmwareeos_m6\(china\)_firmwareeos_rp_firmwareeos_700d_firmwareeos_2000d_firmwareeos_d_rebel_sl3eos_m3eos_1500deos_d_rebel_t7_firmwareeos_6d_mark_ii_firmwareeos_100deos_d_rebel_sl1_firmwareeos_1200d_mgeos_kiss_x90eos_800d_firmwareeos_5dseos-1d_x_mkii_firmwareeos-1d_x_firmwareeos_d_rebel_t6_firmwareeos_9000d_firmwareeos_d_rebel_t6eos_reos_d_rebel_t7ipowershot_sx70_hseos_m6eos_m2_firmwareeos_kiss_x10_firmwarepowershot_sx70_hs_firmwareeos_9000deos_80d_firmwareeos_77d_firmwareeos_m100_firmwareeos_5d_mark_iiieos_4000deos_70d_firmwareeos_d_rebel_t6iEOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5XmarkⅡ
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found