Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability: Unauthenticated Remote Code Execution Flaw Affects Deep Sea Electronics Devices
CVE-2024-5948

8.8HIGH

Key Information:

Vendor

Deep Sea Electronics

Status
Dse855
Vendor
CVE Published:
13 June 2024

What is CVE-2024-5948?

The vulnerability present in Deep Sea Electronics DSE855 relates to improper handling of multipart boundaries, resulting in a stack-based buffer overflow. This flaw originates from the failure to adequately validate the length of user-supplied data prior to its transfer into a fixed-length stack-based buffer. Network-adjacent attackers can exploit this weakness to execute arbitrary code on affected devices without needing any form of authentication, posing significant security risks to operational environments.

Affected Version(s)

DSE855 1.1.0

References

https://www.zerodayinitiative.com/advisories/ZDI-24-672/
x_research-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-5948 : Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability: Unauthenticated Remote Code Execution Flaw Affects Deep Sea Electronics Devices