Common Weakness Enumeration

CWE-121

Allowed

Stack-based Buffer Overflow

Abstraction: Variant · Status: Draft

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

5214 vulnerabilities reference this CWE, most recent first.

CVE-2024-7581 (GCVE-0-2024-7581)

Vulnerability from cvelistv5 – Published: 2024-08-07 15:00 – Updated: 2024-08-07 15:40
VLAI
Title
Tenda A301 WifiBasicSet formWifiBasicSet stack-based overflow
Summary
A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.273861 vdb-entrytechnical-description
https://vuldb.com/?ctiid.273861 signaturepermissions-required
https://vuldb.com/?submit.382745 third-party-advisory
https://github.com/BeaCox/IoT_vuln/tree/main/tend… exploit
Impacted products
Vendor Product Version
Tenda A301 Affected: 15.13.08.12
Create a notification for this product.
tenda a301_firmware Affected: 15.13.08.12
    cpe:2.3:o:tenda:a301_firmware:15.13.08.12:*:*:*:*:*:*:*
Create a notification for this product.
Credits
BeaCox (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:a301_firmware:15.13.08.12:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "a301_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "15.13.08.12"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7581",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T15:40:05.246414Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:40:44.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "A301",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "15.13.08.12"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "BeaCox (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Tenda A301 15.13.08.12 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion formWifiBasicSet der Datei /goform/WifiBasicSet. Mittels dem Manipulieren des Arguments security mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-07T15:00:09.496Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-273861 | Tenda A301 WifiBasicSet formWifiBasicSet stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.273861"
        },
        {
          "name": "VDB-273861 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.273861"
        },
        {
          "name": "Submit #382745 | Tenda A301 V15.13.08.12 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.382745"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/BeaCox/IoT_vuln/tree/main/tenda/A301/WifiBasicSet_bof"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-08-07T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-08-07T08:57:59.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda A301 WifiBasicSet formWifiBasicSet stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7581",
    "datePublished": "2024-08-07T15:00:09.496Z",
    "dateReserved": "2024-08-07T06:52:40.823Z",
    "dateUpdated": "2024-08-07T15:40:44.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7547 (GCVE-0-2024-7547)

Vulnerability from cvelistv5 – Published: 2024-08-05 23:54 – Updated: 2024-08-08 13:47
VLAI
Title
oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability
Summary
oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of SMS PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23460.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
zdi
References
Impacted products
Vendor Product Version
oFono oFono Affected: 2.3
Create a notification for this product.
ofono ofono Affected: 2.3
    cpe:2.3:a:ofono:ofono:2.3:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-08-05 23:50
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ofono:ofono:2.3:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ofono",
            "vendor": "ofono",
            "versions": [
              {
                "status": "affected",
                "version": "2.3"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7547",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-08T13:46:28.960057Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-08T13:47:26.078Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "oFono",
          "vendor": "oFono",
          "versions": [
            {
              "status": "affected",
              "version": "2.3"
            }
          ]
        }
      ],
      "dateAssigned": "2024-08-05T23:36:07.135Z",
      "datePublic": "2024-08-05T23:50:47.259Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of SMS PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23460."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-05T23:54:15.115Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1087",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1087/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative"
      },
      "title": "oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-7547",
    "datePublished": "2024-08-05T23:54:15.115Z",
    "dateReserved": "2024-08-05T23:36:07.109Z",
    "dateUpdated": "2024-08-08T13:47:26.078Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7539 (GCVE-0-2024-7539)

Vulnerability from cvelistv5 – Published: 2024-08-05 23:53 – Updated: 2024-08-06 13:48
VLAI
Title
oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability
Summary
oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CUSD commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23195.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
zdi
References
Impacted products
Vendor Product Version
oFono oFono Affected: 1.34
Create a notification for this product.
ofono ofono Affected: 1.34
    cpe:2.3:a:ofono:ofono:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-08-05 23:50
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ofono:ofono:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ofono",
            "vendor": "ofono",
            "versions": [
              {
                "status": "affected",
                "version": "1.34"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7539",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T13:46:50.756966Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:48:46.835Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "oFono",
          "vendor": "oFono",
          "versions": [
            {
              "status": "affected",
              "version": "1.34"
            }
          ]
        }
      ],
      "dateAssigned": "2024-08-05T23:35:35.279Z",
      "datePublic": "2024-08-05T23:50:22.621Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of responses from AT+CUSD commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23195."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-05T23:53:44.798Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1079",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1079/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Synacktiv (@Synacktiv)"
      },
      "title": "oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-7539",
    "datePublished": "2024-08-05T23:53:44.798Z",
    "dateReserved": "2024-08-05T23:35:35.254Z",
    "dateUpdated": "2024-08-06T13:48:46.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7538 (GCVE-0-2024-7538)

Vulnerability from cvelistv5 – Published: 2024-08-05 23:53 – Updated: 2024-08-06 19:55
VLAI
Title
oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability
Summary
oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT Commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23190.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
zdi
References
Impacted products
Vendor Product Version
oFono oFono Affected: 1.34
Create a notification for this product.
ofono ofono Affected: 1.34
    cpe:2.3:a:ofono:ofono:1.34:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-08-05 23:50
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ofono:ofono:1.34:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ofono",
            "vendor": "ofono",
            "versions": [
              {
                "status": "affected",
                "version": "1.34"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7538",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T19:52:20.576165Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:55:03.568Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "oFono",
          "vendor": "oFono",
          "versions": [
            {
              "status": "affected",
              "version": "1.34"
            }
          ]
        }
      ],
      "dateAssigned": "2024-08-05T23:35:31.089Z",
      "datePublic": "2024-08-05T23:50:19.919Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability.\n\nThe specific flaw exists within the parsing of responses from AT Commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23190."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-05T23:53:40.911Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1078",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1078/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Synacktiv (@Synacktiv)"
      },
      "title": "oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-7538",
    "datePublished": "2024-08-05T23:53:40.911Z",
    "dateReserved": "2024-08-05T23:35:31.062Z",
    "dateUpdated": "2024-08-06T19:55:03.568Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7509 (GCVE-0-2024-7509)

Vulnerability from cvelistv5 – Published: 2024-11-22 21:31 – Updated: 2024-11-25 16:44
VLAI
Title
Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Summary
Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19576.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
zdi
References
Impacted products
Vendor Product Version
Trimble SketchUp Affected: 22.0.354.0
Create a notification for this product.
trimble sketchup Affected: 22.0.354.0
    cpe:2.3:a:trimble:sketchup:22.0.354.0:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-08-05 20:19
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:trimble:sketchup:22.0.354.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sketchup",
            "vendor": "trimble",
            "versions": [
              {
                "status": "affected",
                "version": "22.0.354.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7509",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T16:42:40.203108Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-25T16:44:53.728Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SketchUp",
          "vendor": "Trimble",
          "versions": [
            {
              "status": "affected",
              "version": "22.0.354.0"
            }
          ]
        }
      ],
      "dateAssigned": "2024-08-05T20:10:31.462Z",
      "datePublic": "2024-08-05T20:19:29.699Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19576."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-22T21:31:56.368Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1055",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1055/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Anonymous"
      },
      "title": "Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-7509",
    "datePublished": "2024-11-22T21:31:56.368Z",
    "dateReserved": "2024-08-05T20:10:31.426Z",
    "dateUpdated": "2024-11-25T16:44:53.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7502 (GCVE-0-2024-7502)

Vulnerability from cvelistv5 – Published: 2024-08-06 16:50 – Updated: 2024-08-06 17:55
VLAI
Title
Delta Electronics DIAScreen Stack-Based Buffer Overflow
Summary
A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-Based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Delta Electronics DIAScreen Affected: 0 , < 1.4.2 (custom)
Create a notification for this product.
deltaww diascreen Affected: 0 , < 1.4.2 (custom)
    cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-08-06 15:00
Credits
Natnael Samson (@NattiSamson) working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "diascreen",
            "vendor": "deltaww",
            "versions": [
              {
                "lessThan": "1.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7502",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T17:51:57.875862Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:55:44.063Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DIAScreen",
          "vendor": "Delta Electronics",
          "versions": [
            {
              "lessThan": "1.4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Natnael Samson (@NattiSamson) working with Trend Micro Zero Day Initiative reported this vulnerability to CISA."
        }
      ],
      "datePublic": "2024-08-06T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code.\u003c/span\u003e"
            }
          ],
          "value": "A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-Based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-06T16:50:26.354Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-219-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelta Electronics has released \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://diastudio.deltaww.com/home/downloads?sec=download#catalog\"\u003ev1.4.2 of DIAScreen\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and recommends users install this update on all affected systems.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Delta Electronics has released  v1.4.2 of DIAScreen https://diastudio.deltaww.com/home/downloads \u00a0and recommends users install this update on all affected systems."
        }
      ],
      "source": {
        "advisory": "ICSA-24-219-01",
        "discovery": "EXTERNAL"
      },
      "title": "Delta Electronics DIAScreen Stack-Based Buffer Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-7502",
    "datePublished": "2024-08-06T16:50:26.354Z",
    "dateReserved": "2024-08-05T16:30:17.980Z",
    "dateUpdated": "2024-08-06T17:55:44.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7441 (GCVE-0-2024-7441)

Vulnerability from cvelistv5 – Published: 2024-08-03 17:31 – Updated: 2024-08-07 16:24 Unsupported When Assigned
VLAI
Title
Vivotek SD9364 httpd read stack-based overflow
Summary
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been declared as critical. This vulnerability affects the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273526 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.273526 vdb-entrytechnical-description
https://vuldb.com/?ctiid.273526 signaturepermissions-required
https://vuldb.com/?submit.383842 third-party-advisory
https://yjz233.notion.site/vivotek-SD9364-has-sta… broken-linkexploit
Impacted products
Vendor Product Version
Vivotek SD9364 Affected: VVTK-0103f
Create a notification for this product.
vivotek sd9364_firmware Affected: vvtk-0103f
    cpe:2.3:o:vivotek:sd9364_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
jylsec (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:vivotek:sd9364_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sd9364_firmware",
            "vendor": "vivotek",
            "versions": [
              {
                "status": "affected",
                "version": "vvtk-0103f"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7441",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T16:17:09.130706Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:24:42.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "httpd"
          ],
          "product": "SD9364",
          "vendor": "Vivotek",
          "versions": [
            {
              "status": "affected",
              "version": "VVTK-0103f"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jylsec (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been declared as critical. This vulnerability affects the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273526 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life."
        },
        {
          "lang": "de",
          "value": "In Vivotek SD9364 VVTK-0103f wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion read der Komponente httpd. Dank der Manipulation des Arguments Content-Length mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-03T17:31:04.573Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-273526 | Vivotek SD9364 httpd read stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.273526"
        },
        {
          "name": "VDB-273526 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.273526"
        },
        {
          "name": "Submit #383842 | vivotek SD9364 VVTK-0103f buffer overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.383842"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://yjz233.notion.site/vivotek-SD9364-has-stack-buffer-overflow-vulnerability-in-httpd-c9dabd0511d04093865d1d75110429d1?pvs=4"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-02T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-08-02T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-08-02T23:46:19.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Vivotek SD9364 httpd read stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7441",
    "datePublished": "2024-08-03T17:31:04.573Z",
    "dateReserved": "2024-08-02T21:36:37.042Z",
    "dateUpdated": "2024-08-07T16:24:42.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7439 (GCVE-0-2024-7439)

Vulnerability from cvelistv5 – Published: 2024-08-03 16:00 – Updated: 2024-08-05 15:09 Unsupported When Assigned
VLAI
Title
Vivotek CC8160 httpd read stack-based overflow
Summary
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273524. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.273524 vdb-entrytechnical-description
https://vuldb.com/?ctiid.273524 signaturepermissions-required
https://vuldb.com/?submit.383830 third-party-advisory
https://yjz233.notion.site/vivotek-CC8160-has-sta… broken-linkexploit
Impacted products
Vendor Product Version
Vivotek CC8160 Affected: VVTK-0100d
Create a notification for this product.
vivotek cc8160 Affected: VVTK-0100d
    cpe:2.3:h:vivotek:cc8160:-:*:*:*:*:*:*:*
Create a notification for this product.
Credits
jylsec (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:vivotek:cc8160:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cc8160",
            "vendor": "vivotek",
            "versions": [
              {
                "status": "affected",
                "version": "VVTK-0100d"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7439",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-05T15:07:46.604884Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:09:25.672Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "httpd"
          ],
          "product": "CC8160",
          "vendor": "Vivotek",
          "versions": [
            {
              "status": "affected",
              "version": "VVTK-0100d"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jylsec (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273524. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Vivotek CC8160 VVTK-0100d gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion read der Komponente httpd. Durch das Beeinflussen des Arguments Content-Length mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-03T16:00:07.798Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-273524 | Vivotek CC8160 httpd read stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.273524"
        },
        {
          "name": "VDB-273524 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.273524"
        },
        {
          "name": "Submit #383830 | VIVOTEK CC8160 VVTK-0100d buffer overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.383830"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://yjz233.notion.site/vivotek-CC8160-has-stack-buffer-overflow-vulnerability-in-httpd-8409f967d3064493b649720f36d59081?pvs=4"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-02T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-08-02T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-08-02T23:46:03.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Vivotek CC8160 httpd read stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7439",
    "datePublished": "2024-08-03T16:00:07.798Z",
    "dateReserved": "2024-08-02T21:36:32.099Z",
    "dateUpdated": "2024-08-05T15:09:25.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7152 (GCVE-0-2024-7152)

Vulnerability from cvelistv5 – Published: 2024-07-27 21:00 – Updated: 2024-08-01 21:52
VLAI
Title
Tenda O3 setMacFilterList fromSafeSetMacFilter stack-based overflow
Summary
A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.272555 vdb-entrytechnical-description
https://vuldb.com/?ctiid.272555 signaturepermissions-required
https://vuldb.com/?submit.377041 third-party-advisory
https://github.com/noahze01/IoT-vulnerable/blob/m… exploit
Impacted products
Vendor Product Version
Tenda O3 Affected: 1.0.0.10(2478)
Create a notification for this product.
tenda o3v2_firmware Affected: 1.0.0.10
    cpe:2.3:o:tenda:o3v2_firmware:1.0.0.10:*:*:*:*:*:*:*
Create a notification for this product.
Credits
noahze (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:o3v2_firmware:1.0.0.10:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "o3v2_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0.10"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7152",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-29T13:40:27.298550Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T17:01:59.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:30.746Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272555 | Tenda O3 setMacFilterList fromSafeSetMacFilter stack-based overflow",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272555"
          },
          {
            "name": "VDB-272555 | CTI Indicators (IOB, IOC, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272555"
          },
          {
            "name": "Submit #377041 | Tenda O3V2.0 V1.0.0.10(2478) Buffer Overflow",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.377041"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/fromSafeSetMacFilter.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "O3",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0.10(2478)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "noahze (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Tenda O3 1.0.0.10(2478) ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion fromSafeSetMacFilter der Datei /goform/setMacFilterList. Durch Manipulieren des Arguments time mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-27T21:00:06.271Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272555 | Tenda O3 setMacFilterList fromSafeSetMacFilter stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.272555"
        },
        {
          "name": "VDB-272555 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272555"
        },
        {
          "name": "Submit #377041 | Tenda O3V2.0 V1.0.0.10(2478) Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.377041"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/fromSafeSetMacFilter.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-27T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-27T07:51:42.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda O3 setMacFilterList fromSafeSetMacFilter stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7152",
    "datePublished": "2024-07-27T21:00:06.271Z",
    "dateReserved": "2024-07-27T05:46:29.296Z",
    "dateUpdated": "2024-08-01T21:52:30.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7151 (GCVE-0-2024-7151)

Vulnerability from cvelistv5 – Published: 2024-07-27 20:00 – Updated: 2024-08-01 21:52
VLAI
Title
Tenda O3 setMacFilter fromMacFilterSet stack-based overflow
Summary
A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.272554 vdb-entrytechnical-description
https://vuldb.com/?ctiid.272554 signaturepermissions-required
https://vuldb.com/?submit.377040 third-party-advisory
https://github.com/noahze01/IoT-vulnerable/blob/m… exploit
Impacted products
Vendor Product Version
Tenda O3 Affected: 1.0.0.10(2478)
Create a notification for this product.
tenda o3v2_firmware Affected: 1.0.0.10
    cpe:2.3:o:tenda:o3v2_firmware:1.0.0.10:*:*:*:*:*:*:*
Create a notification for this product.
Credits
noahze (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:o3v2_firmware:1.0.0.10:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "o3v2_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0.10"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7151",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-28T10:59:04.716252Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-28T10:59:48.643Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:30.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272554 | Tenda O3 setMacFilter fromMacFilterSet stack-based overflow",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272554"
          },
          {
            "name": "VDB-272554 | CTI Indicators (IOB, IOC, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272554"
          },
          {
            "name": "Submit #377040 | Tenda O3V2.0 V1.0.0.10(2478) Buffer Overflow",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.377040"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/fromMacFilterSet.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "O3",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0.10(2478)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "noahze (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tenda O3 1.0.0.10(2478) wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion fromMacFilterSet der Datei /goform/setMacFilter. Durch das Manipulieren des Arguments remark mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-27T20:00:05.233Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272554 | Tenda O3 setMacFilter fromMacFilterSet stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.272554"
        },
        {
          "name": "VDB-272554 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272554"
        },
        {
          "name": "Submit #377040 | Tenda O3V2.0 V1.0.0.10(2478) Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.377040"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/fromMacFilterSet.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-27T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-27T07:51:39.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda O3 setMacFilter fromMacFilterSet stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7151",
    "datePublished": "2024-07-27T20:00:05.233Z",
    "dateReserved": "2024-07-27T05:46:26.985Z",
    "dateUpdated": "2024-08-01T21:52:30.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Implementation

Implement and perform bounds checking on input.

Mitigation
Implementation

Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.

Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].

No CAPEC attack patterns related to this CWE.