CVE-2024-24051
Vulnerability from cvelistv5
Published
2024-06-12 00:00
Modified
2024-09-03 17:54
Severity ?
Summary
Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the printing of a malicious .gcode file.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:19:51.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/tkruppert/Reported_Vulnerabilities/blob/main/CVE-2024-24051.md"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-24051",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T13:22:49.063413Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T17:54:54.432Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device\u0027s movable parts to destinations that exceed the devices\u0027 maximum coordinates via the printing of a malicious .gcode file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T17:47:57.073604",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/tkruppert/Reported_Vulnerabilities/blob/main/CVE-2024-24051.md"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-24051",
    "datePublished": "2024-06-12T00:00:00",
    "dateReserved": "2024-01-25T00:00:00",
    "dateUpdated": "2024-09-03T17:54:54.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-24051\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-06-12T18:15:10.920\",\"lastModified\":\"2024-11-20T19:16:25.340\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device\u0027s movable parts to destinations that exceed the devices\u0027 maximum coordinates via the printing of a malicious .gcode file.\"},{\"lang\":\"es\",\"value\":\"La validaci\u00f3n de entrada incorrecta de los archivos de impresi\u00f3n en Monoprice Select Mini V2 V37.115.32 permite a los atacantes indicar a las partes m\u00f3viles del dispositivo destinos que exceden las coordenadas m\u00e1ximas de los dispositivos mediante la impresi\u00f3n de un archivo .gcode malicioso.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:monoprice:select_mini_3d_printer_v2_firmware:37.115.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D8D610F-4B1E-4736-AB77-311D52AAF424\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:monoprice:select_mini_3d_printer_v2:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCF0FA4C-6C8C-4A3E-BFC7-4973389ED13D\"}]}]}],\"references\":[{\"url\":\"https://github.com/tkruppert/Reported_Vulnerabilities/blob/main/CVE-2024-24051.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.