Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5950
8.8HIGH
Key Information:
- Vendor
- Deep Sea Electronics
- Status
- Dse855
- Vendor
- CVE Published:
- 13 June 2024
Summary
The vulnerability in Deep Sea Electronics DSE855 devices allows exploitation by network-adjacent attackers due to improper handling of multipart form variables. This flaw arises from inadequate validation of user-supplied data length before it is copied to a fixed-length stack-based buffer. Attackers can leverage this vulnerability to execute arbitrary code within the context of the affected device, leading to potential unauthorized access and control. The potential to exploit this issue without authentication increases the severity of the risk for organizations using these devices. For further information, refer to the advisory linked as ZDI-CAN-23172.
Affected Version(s)
DSE855 1.1.0
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved