← Back to CVEs
CVE-2021-38451
MEDIUM4.8
Description
The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data.
CVE Details
CVSS v3.1 Score4.8
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredLOW
User InteractionREQUIRED
Published10/22/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
auvesy:versiondog
Weaknesses (CWE)
CWE-125
References
https://us-cert.cisa.gov/ics/advisories/icsa-21-292-01(ics-cert@hq.dhs.gov)
https://us-cert.cisa.gov/ics/advisories/icsa-21-292-01(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.