Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for MagicLine4NX.exe by Dream Security Co.,Ltd

    CVE-2021-26606 (GCVE-0-2021-26606)

    Vulnerability from nvd – Published: 2021-08-06 14:08 – Updated: 2024-09-16 22:46
    VLAI
    Title
    DreamSecurity MagicLine Buffer Overflow Vulnerability
    Summary
    A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dream Security Co.,Ltd MagicLine4NX.exe Affected: 1.0.0.17 , < 1.0.0.18 (custom)
    Create a notification for this product.
    Date Public
    2021-08-06 00:00
    Credits
    Thanks to Yoonho Kim for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.523Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36174"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "MagicLine4NX.exe",
              "vendor": "Dream Security Co.,Ltd",
              "versions": [
                {
                  "lessThan": "1.0.0.18",
                  "status": "affected",
                  "version": "1.0.0.17",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Yoonho Kim for reporting this vulnerability."
            }
          ],
          "datePublic": "2021-08-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-06T14:08:10.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36174"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update software over 1.0.0.18 version or higher."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DreamSecurity MagicLine Buffer Overflow Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "DATE_PUBLIC": "2021-08-06T01:26:00.000Z",
              "ID": "CVE-2021-26606",
              "STATE": "PUBLIC",
              "TITLE": "DreamSecurity MagicLine Buffer Overflow Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MagicLine4NX.exe",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "1.0.0.17",
                                "version_value": "1.0.0.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dream Security Co.,Ltd"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Yoonho Kim for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-120 Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36174",
                  "refsource": "MISC",
                  "url": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36174"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update software over 1.0.0.18 version or higher."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2021-26606",
        "datePublished": "2021-08-06T14:08:10.591Z",
        "dateReserved": "2021-02-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:46:44.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26606 (GCVE-0-2021-26606)

    Vulnerability from cvelistv5 – Published: 2021-08-06 14:08 – Updated: 2024-09-16 22:46
    VLAI
    Title
    DreamSecurity MagicLine Buffer Overflow Vulnerability
    Summary
    A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dream Security Co.,Ltd MagicLine4NX.exe Affected: 1.0.0.17 , < 1.0.0.18 (custom)
    Create a notification for this product.
    Date Public
    2021-08-06 00:00
    Credits
    Thanks to Yoonho Kim for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.523Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36174"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "MagicLine4NX.exe",
              "vendor": "Dream Security Co.,Ltd",
              "versions": [
                {
                  "lessThan": "1.0.0.18",
                  "status": "affected",
                  "version": "1.0.0.17",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Yoonho Kim for reporting this vulnerability."
            }
          ],
          "datePublic": "2021-08-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-06T14:08:10.000Z",
            "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
            "shortName": "krcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36174"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update software over 1.0.0.18 version or higher."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DreamSecurity MagicLine Buffer Overflow Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vuln@krcert.or.kr",
              "DATE_PUBLIC": "2021-08-06T01:26:00.000Z",
              "ID": "CVE-2021-26606",
              "STATE": "PUBLIC",
              "TITLE": "DreamSecurity MagicLine Buffer Overflow Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MagicLine4NX.exe",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "1.0.0.17",
                                "version_value": "1.0.0.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dream Security Co.,Ltd"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Yoonho Kim for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-120 Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36174",
                  "refsource": "MISC",
                  "url": "https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36174"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update software over 1.0.0.18 version or higher."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "assignerShortName": "krcert",
        "cveId": "CVE-2021-26606",
        "datePublished": "2021-08-06T14:08:10.591Z",
        "dateReserved": "2021-02-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:46:44.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }