Search criteria
1 vulnerability by Dream Security Co.,Ltd
CVE-2021-26606 (GCVE-0-2021-26606)
Vulnerability from cvelistv5 – Published: 2021-08-06 14:08 – Updated: 2024-09-16 22:46
VLAI?
Summary
A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system.
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dream Security Co.,Ltd | MagicLine4NX.exe |
Affected:
1.0.0.17 , < 1.0.0.18
(custom)
|
Credits
Thanks to Yoonho Kim for reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36174"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "MagicLine4NX.exe",
"vendor": "Dream Security Co.,Ltd",
"versions": [
{
"lessThan": "1.0.0.18",
"status": "affected",
"version": "1.0.0.17",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Yoonho Kim for reporting this vulnerability."
}
],
"datePublic": "2021-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-06T14:08:10",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36174"
}
],
"solutions": [
{
"lang": "en",
"value": "Update software over 1.0.0.18 version or higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DreamSecurity MagicLine Buffer Overflow Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"DATE_PUBLIC": "2021-08-06T01:26:00.000Z",
"ID": "CVE-2021-26606",
"STATE": "PUBLIC",
"TITLE": "DreamSecurity MagicLine Buffer Overflow Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MagicLine4NX.exe",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "1.0.0.17",
"version_value": "1.0.0.18"
}
]
}
}
]
},
"vendor_name": "Dream Security Co.,Ltd"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Yoonho Kim for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36174",
"refsource": "MISC",
"url": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36174"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update software over 1.0.0.18 version or higher."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2021-26606",
"datePublished": "2021-08-06T14:08:10.591796Z",
"dateReserved": "2021-02-03T00:00:00",
"dateUpdated": "2024-09-16T22:46:44.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}