Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5950

8.8HIGH

Key Information:

Vendor: Deep Sea Electronics
Status: Dse855
Vendor: CVE Published:; 13 June 2024

🔔 Create Deep Sea Electronics Vulnerability Alert

What is CVE-2024-5950?

The vulnerability in Deep Sea Electronics DSE855 devices allows exploitation by network-adjacent attackers due to improper handling of multipart form variables. This flaw arises from inadequate validation of user-supplied data length before it is copied to a fixed-length stack-based buffer. Attackers can leverage this vulnerability to execute arbitrary code within the context of the affected device, leading to potential unauthorized access and control. The potential to exploit this issue without authentication increases the severity of the risk for organizations using these devices. For further information, refer to the advisory linked as ZDI-CAN-23172.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DSE855 1.1.0

References

https://www.zerodayinitiative.com/advisories/ZDI-24-674/

x_research-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2024
Vulnerability Reserved
Jun 13, 2024

JSON