CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2024-39359 (GCVE-0-2024-39359)
Vulnerability from cvelistv5 – Published: 2025-01-14 14:21 – Updated: 2025-01-14 16:04
VLAI
Summary
A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wavlink | Wavlink AC3000 |
Affected:
M33A8.V5030.210505
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39359",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T15:36:51.819452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T15:37:00.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-14T16:04:03.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wavlink AC3000",
"vendor": "Wavlink",
"versions": [
{
"status": "affected",
"version": "M33A8.V5030.210505"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Lilith \u0026gt;_\u0026gt; of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:21:21.683Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2040",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2040"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-39359",
"datePublished": "2025-01-14T14:21:21.683Z",
"dateReserved": "2024-06-28T18:06:07.280Z",
"dateUpdated": "2025-01-14T16:04:03.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39389 (GCVE-0-2024-39389)
Vulnerability from cvelistv5 – Published: 2024-08-14 15:05 – Updated: 2024-08-16 04:01
VLAI
Title
Adobe Indesign PDF File Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerability
Summary
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow (CWE-121)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/indesig… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | InDesign Desktop |
Affected:
0 , ≤ ID18.5.2
(semver)
|
|
| adobe | indesign |
Affected:
0 , ≤ 19.4
(semver)
Affected: 0 , ≤ 18.5.2 (semver) cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:* |
Date Public
2024-08-13 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "indesign",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "19.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "18.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T04:01:56.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign Desktop",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "ID18.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-08-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T15:05:42.561Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb24-56.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Indesign PDF File Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-39389",
"datePublished": "2024-08-14T15:05:42.561Z",
"dateReserved": "2024-06-24T20:32:06.588Z",
"dateUpdated": "2024-08-16T04:01:56.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39556 (GCVE-0-2024-39556)
Vulnerability from cvelistv5 – Published: 2024-07-10 22:38 – Updated: 2024-08-02 04:26
VLAI
Title
Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow
Summary
A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.
By exploiting the 'set security certificates' command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user's command interpreter, or potentially trigger a stack-based buffer overflow.
This issue affects:
Junos OS:
* All versions before 21.4R3-S7,
* from 22.1 before 22.1R3-S6,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R1-S1, 23.4R2;
Junos OS Evolved:
* All versions before 21.4R3-S7-EVO,
* from 22.1-EVO before 22.1R3-S6-EVO,
* from 22.2-EVO before 22.2R3-S4-EVO,
* from 22.3-EVO before 22.3R3-S3-EVO,
* from 22.4-EVO before 22.4R3-S2-EVO,
* from 23.2-EVO before 23.2R2-EVO,
* from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA83016 | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.4R3-S7
(semver)
Affected: 22.1 , < 22.1R3-S6 (semver) Affected: 22.2 , < 22.2R3-S4 (semver) Affected: 22.3 , < 22.3R3-S3 (semver) Affected: 22.4 , < 22.4R3-S2 (semver) Affected: 23.2 , < 23.2R2 (semver) Affected: 23.4 , < 23.4R1-S1, 23.4R2 (semver) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
0 , < 21.4R3-S7-EVO
(semver)
Affected: 22.1-EVO , < 22.1R3-S6-EVO (semver) Affected: 22.2-EVO , < 22.2R3-S4-EVO (semver) Affected: 22.3-EVO , < 22.3R3-S3-EVO (semver) Affected: 22.4-EVO , < 22.4R3-S2-EVO (semver) Affected: 23.2-EVO , < 23.2R2-EVO (semver) Affected: 23.4-EVO , < 23.4R1-S1-EVO, 23.4R2-EVO (semver) |
|
| juniper | junos_os_evolved |
Affected:
0 , < 21.4r3-s7-evo
(semver)
Affected: 22.1-evo , < 22.1r3-s6-evo (semver) Affected: 22.2-evo , < 22.2r3-s4-evo (semver) Affected: 22.3-evo , < 22.3r3-s3-evo (semver) Affected: 22.4-evo , < 22.4r3-s3-evo (semver) Affected: 23.2-evo , < 23.2r2-evo (semver) cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:* |
|
| juniper | junos_os |
Affected:
0 , < 21.4r3-s7
(semver)
Affected: 22.1 , < 22.1r3-s6 (semver) Affected: 22.2 , < 22.2r3-s4 (semver) Affected: 22.3 , < 22.3r3-s3 (semver) Affected: 22.4 , < 22.4r3-s2 (semver) Affected: 23.2 , < 23.2r2 (semver) Affected: 23.4 , < 23.4r1-s1 (semver) Affected: 23.4 , < 23.4r2 (semver) Affected: 23.4-evo , < 23.4r1-s1-evo (semver) Affected: 23.4-evo , < 23.4r2-evo (semver) cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:* |
Date Public
2024-07-10 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s7-evo",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1r3-s6-evo",
"status": "affected",
"version": "22.1-evo",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s4-evo",
"status": "affected",
"version": "22.2-evo",
"versionType": "semver"
},
{
"lessThan": "22.3r3-s3-evo",
"status": "affected",
"version": "22.3-evo",
"versionType": "semver"
},
{
"lessThan": "22.4r3-s3-evo",
"status": "affected",
"version": "22.4-evo",
"versionType": "semver"
},
{
"lessThan": "23.2r2-evo",
"status": "affected",
"version": "23.2-evo",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1r3-s6",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3r3-s3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4r3-s2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4r1-s1",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4r2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4r1-s1-evo",
"status": "affected",
"version": "23.4-evo",
"versionType": "semver"
},
{
"lessThan": "23.4r2-evo",
"status": "affected",
"version": "23.4-evo",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-13T03:55:17.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S6",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S6-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.\u003cbr\u003e\u003cbr\u003eBy exploiting the \u0027set security certificates\u0027 command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user\u0027s command interpreter, or potentially trigger a stack-based buffer overflow.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\u0026nbsp;Junos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S7, \u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S6, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S1, 23.4R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S7-EVO, \u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S2-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.\n\nBy exploiting the \u0027set security certificates\u0027 command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user\u0027s command interpreter, or potentially trigger a stack-based buffer overflow.\n\n\nThis issue affects:\n\n\u00a0Junos OS: \n\n\n * All versions before 21.4R3-S7, \n * from 22.1 before 22.1R3-S6, \n * from 22.2 before 22.2R3-S4, \n * from 22.3 before 22.3R3-S3, \n * from 22.4 before 22.4R3-S2, \n * from 23.2 before 23.2R2, \n * from 23.4 before 23.4R1-S1, 23.4R2;\u00a0\n\n\n\n\nJunos OS Evolved: \n\n\n * All versions before 21.4R3-S7-EVO, \n * from 22.1-EVO before 22.1R3-S6-EVO, \n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-S2-EVO, \n * from 23.2-EVO before 23.2R2-EVO, \n * from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T22:38:44.894Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83016"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003e\nJunos OS Evolved:\u0026nbsp;21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\n\nJunos OS Evolved:\u00a021.2R3-S8-EVO, 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83016",
"defect": [
"1780283"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39556",
"datePublished": "2024-07-10T22:38:44.894Z",
"dateReserved": "2024-06-25T15:12:53.247Z",
"dateUpdated": "2024-08-02T04:26:15.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39603 (GCVE-0-2024-39603)
Vulnerability from cvelistv5 – Published: 2025-01-14 14:21 – Updated: 2025-01-14 16:04
VLAI
Summary
A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wavlink | Wavlink AC3000 |
Affected:
M33A8.V5030.210505
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T15:43:11.151358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T15:43:34.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-14T16:04:09.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2042"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wavlink AC3000",
"vendor": "Wavlink",
"versions": [
{
"status": "affected",
"version": "M33A8.V5030.210505"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Lilith \u0026gt;_\u0026gt; of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:21:20.463Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2042",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2042"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-39603",
"datePublished": "2025-01-14T14:21:20.463Z",
"dateReserved": "2024-06-28T18:06:04.170Z",
"dateUpdated": "2025-01-14T16:04:09.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39605 (GCVE-0-2024-39605)
Vulnerability from cvelistv5 – Published: 2024-11-11 14:57 – Updated: 2024-11-11 16:07
VLAI
Title
Delta Electronics DIAScreen Stack-based Buffer Overflow
Summary
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Delta Electronics | DIAScreen |
Affected:
0 , < v1.5.0
(custom)
|
|
| deltaww | diascreen |
Affected:
0 , < 1.5.0
(custom)
cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "diascreen",
"vendor": "deltaww",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39605",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-11T16:07:18.069762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T16:07:22.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DIAScreen",
"vendor": "Delta Electronics",
"versions": [
{
"lessThan": "v1.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T14:57:23.741Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-02"
},
{
"url": "https://www.deltaww.com/en-US/Cybersecurity_Advisory"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDelta Electronics has released \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://diastudio.deltaww.com/home/downloads?sec=download\"\u003ev1.5.0 of DIAScreen (login required)\u003c/a\u003e\u0026nbsp;and recommends users install this update on all affected systems.\u003c/p\u003e\u003cp\u003eFor more information, please see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en-US/Cybersecurity_Advisory\"\u003eDelta product cybersecurity advisory for these issues.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics has released v1.5.0 of DIAScreen (login required) https://diastudio.deltaww.com/home/downloads \u00a0and recommends users install this update on all affected systems.\n\nFor more information, please see the Delta product cybersecurity advisory for these issues. https://www.deltaww.com/en-US/Cybersecurity_Advisory"
}
],
"source": {
"advisory": "ICSA-24-312-02",
"discovery": "EXTERNAL"
},
"title": "Delta Electronics DIAScreen Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-39605",
"datePublished": "2024-11-11T14:57:23.741Z",
"dateReserved": "2024-07-16T16:12:58.995Z",
"dateUpdated": "2024-11-11T16:07:22.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39757 (GCVE-0-2024-39757)
Vulnerability from cvelistv5 – Published: 2025-01-14 14:21 – Updated: 2025-01-14 16:04
VLAI
Summary
A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wavlink | Wavlink AC3000 |
Affected:
M33A8.V5030.210505
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T15:46:02.895167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T15:46:11.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-14T16:04:15.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wavlink AC3000",
"vendor": "Wavlink",
"versions": [
{
"status": "affected",
"version": "M33A8.V5030.210505"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Lilith \u0026gt;_\u0026gt; of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:21:18.345Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2043",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2043"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-39757",
"datePublished": "2025-01-14T14:21:18.345Z",
"dateReserved": "2024-06-28T18:06:02.838Z",
"dateUpdated": "2025-01-14T16:04:15.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39779 (GCVE-0-2024-39779)
Vulnerability from cvelistv5 – Published: 2025-02-12 21:19 – Updated: 2025-02-13 20:17
VLAI
Summary
Stack-based buffer overflow in some drivers for Intel(R) Ethernet Connection I219 Series before version 12.19.1.39 may allow an authenticated user to potentially enable denial of service via local access.
Severity
4.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Denial of Service
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) Ethernet Connection I219 Series |
Affected:
before version 12.19.1.39
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T20:17:30.670184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T20:17:35.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Ethernet Connection I219 Series",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 12.19.1.39"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in some drivers for Intel(R) Ethernet Connection I219 Series before version 12.19.1.39 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en"
},
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T21:19:14.558Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00590.html",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00590.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-39779",
"datePublished": "2025-02-12T21:19:14.558Z",
"dateReserved": "2024-06-29T03:00:06.361Z",
"dateUpdated": "2025-02-13T20:17:35.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39791 (GCVE-0-2024-39791)
Vulnerability from cvelistv5 – Published: 2024-08-08 19:36 – Updated: 2024-08-21 20:05
VLAI
Title
Vonets WiFi Bridges Stack-based Buffer Overflow
Summary
Stack-based buffer overflow vulnerabilities affecting Vonets
industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior, enable an unauthenticated remote attacker to
execute arbitrary code.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
27 products
| Vendor | Product | Version | |
|---|---|---|---|
| Vonets | VAR1200-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAR1200-L |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAR600-H |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11AC |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11G-500S |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VBG1200 |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11S-5G |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11S |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAR11N-300 |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11G-300 |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11N-300 |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11G |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VAP11G-500 |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| Vonets | VGA-1000 |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
|
|
| vonets | var1200-h_firmware |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:* |
|
| vonets | var1200-l_firmware |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:* |
|
| vonets | var600-h_firmware |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:* |
|
| vonets | vap11ac_firmware |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:* |
|
| vonets | vap11g-500s_firmware |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:* |
|
| vonets | vbg1200_firmware |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:* |
|
| vonets | vap11s-5g_firmware |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:* |
|
| vonets | vap11s_firmware |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:* |
|
| vonets | var11n-300_firmware |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:* |
|
| vonets | vap11n-300_firmware |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:* |
|
| vonets | vap11g_firmware |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:* |
|
| vonets | vga-1000_firmware |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:* |
|
| vonets | vap11g-300_firmware |
Affected:
0 , ≤ 3.3.23.6.9
(custom)
cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var1200-l_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var600-h_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11ac_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-500s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vbg1200_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s-5g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11s_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "var11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vga-1000_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11g-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vap11n-300_firmware",
"vendor": "vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T14:39:45.672202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:05:07.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VAR1200-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR1200-L",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR600-H",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S-5G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11S",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAR11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11N-300",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11G-500",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VBG1200",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VAP11AC",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VGA-1000",
"vendor": "Vonets",
"versions": [
{
"lessThanOrEqual": "3.3.23.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wodzen reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stack-based buffer overflow vulnerabilities affecting Vonets\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior, enable an unauthenticated remote attacker to \nexecute arbitrary code."
}
],
"value": "Stack-based buffer overflow vulnerabilities affecting Vonets\n\n\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions \n3.3.23.6.9 and prior, enable an unauthenticated remote attacker to \nexecute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:36:17.337Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
}
],
"source": {
"advisory": "ICSA-24-214-08",
"discovery": "EXTERNAL"
},
"title": "Vonets WiFi Bridges Stack-based Buffer Overflow",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-39791",
"datePublished": "2024-08-08T19:36:17.337Z",
"dateReserved": "2024-07-30T16:15:10.126Z",
"dateUpdated": "2024-08-21T20:05:07.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39880 (GCVE-0-2024-39880)
Vulnerability from cvelistv5 – Published: 2024-07-09 21:21 – Updated: 2025-08-27 20:42
VLAI
Title
Stack-based Buffer Overflow in Delta Electronics CNCSoft-G2
Summary
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Delta Electronics | CNCSoft-G2 |
Affected:
2.0.0.5
|
|
| delta_electronics | cncsoft-g2 |
Affected:
2.0.0.5
cpe:2.3:a:delta_electronics:cncsoft-g2:2.0.0.5:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delta_electronics:cncsoft-g2:2.0.0.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cncsoft-g2",
"vendor": "delta_electronics",
"versions": [
{
"status": "affected",
"version": "2.0.0.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T13:58:44.937267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:42:57.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CNCSoft-G2",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "2.0.0.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.\u003c/span\u003e"
}
],
"value": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T23:12:00.978Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics recommends users update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1\u0026amp;q=cncsoft\u0026amp;sort_expr=cdate\u0026amp;sort_dir=DESC\"\u003eCNCSoft-G2 V2.1.0.10\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics recommends users update to CNCSoft-G2 V2.1.0.10 https://downloadcenter.deltaww.com/en-US/DownloadCenter \u00a0or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stack-based Buffer Overflow in Delta Electronics CNCSoft-G2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-39880",
"datePublished": "2024-07-09T21:21:47.678Z",
"dateReserved": "2024-07-01T18:13:23.097Z",
"dateUpdated": "2025-08-27T20:42:57.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39950 (GCVE-0-2024-39950)
Vulnerability from cvelistv5 – Published: 2024-07-31 03:45 – Updated: 2025-09-30 03:39
VLAI
Summary
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dahua | NVR4XXX and IPC-HX8XXX |
Affected:
NVR4XXX and IPC-HX8XXX Versions which Build time before 2024/1/22
|
|
| dahuasecurity | nvr4832-i |
Affected:
0 , < 2024.2.2
(custom)
cpe:2.3:h:dahuasecurity:nvr4216-i:-:*:*:*:*:*:*:* cpe:2.3:h:dahuasecurity:nvr4416-16p-4ks2\/i:-:*:*:*:*:*:*:* cpe:2.3:h:dahuasecurity:nvr4416-4ks2\/i:-:*:*:*:*:*:*:* cpe:2.3:h:dahuasecurity:nvr4432-16p-4ks2\/i:-:*:*:*:*:*:*:* cpe:2.3:h:dahuasecurity:nvr4432-4ks2\/i:-:*:*:*:*:*:*:* cpe:2.3:h:dahuasecurity:nvr4432-i:-:*:*:*:*:*:*:* cpe:2.3:h:dahuasecurity:nvr4816-16p-4ks2\/i:-:*:*:*:*:*:*:* cpe:2.3:h:dahuasecurity:nvr4816-4ks2\/i:-:*:*:*:*:*:*:* cpe:2.3:h:dahuasecurity:nvr4832-16p-4ks2\/i:-:*:*:*:*:*:*:* cpe:2.3:h:dahuasecurity:nvr4832-4ks2\/i:-:*:*:*:*:*:*:* cpe:2.3:h:dahuasecurity:nvr4832-i:-:*:*:*:*:*:*:* |
|
| dahuasecurity | ipc-hf8xxx_firmware |
Affected:
0 , < 2024.2.2
(custom)
cpe:2.3:o:dahuasecurity:ipc-hf8xxx_firmware:-:*:*:*:*:*:*:* |
|
| dahuasecurity | ipc-hfw8xxx |
Affected:
0 , < 2024.2.2
(custom)
cpe:2.3:h:dahuasecurity:ipc-hfw8xxx:-:*:*:*:*:*:*:* |
Date Public
2024-07-31 03:42
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:dahuasecurity:nvr4216-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-i:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nvr4832-i",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2024.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dahuasecurity:ipc-hf8xxx_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipc-hf8xxx_firmware",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2024.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:dahuasecurity:ipc-hfw8xxx:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipc-hfw8xxx",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2024.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T15:04:00.945009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T19:12:46.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR4XXX and IPC-HX8XXX",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "NVR4XXX and IPC-HX8XXX Versions which Build time\u00a0before 2024/1/22"
}
]
}
],
"datePublic": "2024-07-31T03:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization."
}
],
"value": "A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T03:39:46.118Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2024-39950",
"datePublished": "2024-07-31T03:45:12.977Z",
"dateReserved": "2024-07-05T03:08:11.185Z",
"dateUpdated": "2025-09-30T03:39:46.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Phase: Architecture and Design
Description:
- Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Phase: Implementation
Description:
- Implement and perform bounds checking on input.
Mitigation
Phase: Implementation
Description:
- Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.