|
[Japanese]
|
JVNDB-2024-001804
|
Multiple buffer overflow vulnerabilities in HOME SPOT CUBE2
|
|
HOME SPOT CUBE2 provided by KDDI CORPORATION contains multiple vulnerabilities listed below.
* Stack-based buffer overflow (CWE-121) - CVE-2024-21780
* Heap-based buffer overflow (CWE-122) - CVE-2024-23978
Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
|
|
CVSS V3 Severity:
Base Metrics 8.8 (High) [Other]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-23978
|
CVSS V3 Severity:
Base Metrics:6.5 (Medium) [Other]
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-21780
|
|
|
KDDI
- HOME SPOT CUBE2 firmware V102 and earlier
|
|
|
* Processing a specially crafted command may result in a denial of service (DoS) condition - CVE-2024-21780
* By processing invalid values, arbitrary code may be executed - CVE-2024-23978
|
|
[Apply the workaround]
* Connect the product only to a trusted network
The affected products are no longer supported and updates will be not be provided.
For more information, refer to the information provided by KDDI CORPORATION.
|
|
KDDI
|
|
- Stack-based Buffer Overflow(CWE-121) [Other]
- Heap-based Buffer Overflow(CWE-122) [Other]
|
|
- CVE-2024-21780
- CVE-2024-23978
|
|
- JVN : JVNVU#93740658
- National Vulnerability Database (NVD) : CVE-2024-21780
- National Vulnerability Database (NVD) : CVE-2024-23978
|
|
- [2024/02/06]
Web page was published
- [2024/03/11]
References : Contents were added
|
