Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability: Unauthenticated Remote Code Execution Flaw Affects Deep Sea Electronics Devices
CVE-2024-5948

8.8HIGH

Key Information:

Vendor: Deep Sea Electronics
Status: Dse855
Vendor: CVE Published:; 13 June 2024

Summary

The vulnerability present in Deep Sea Electronics DSE855 relates to improper handling of multipart boundaries, resulting in a stack-based buffer overflow. This flaw originates from the failure to adequately validate the length of user-supplied data prior to its transfer into a fixed-length stack-based buffer. Network-adjacent attackers can exploit this weakness to execute arbitrary code on affected devices without needing any form of authentication, posing significant security risks to operational environments.

Affected Version(s)

DSE855 1.1.0

References

https://www.zerodayinitiative.com/advisories/ZDI-24-672/

x_research-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2024
Vulnerability Reserved
Jun 13, 2024