Описание
A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger this vulnerability.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:sealevel:seaconnect_370w_firmware:1.3.34:*:*:*:*:*:*:*
cpe:2.3:h:sealevel:seaconnect_370w:-:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01899
Низкий
9 Critical
CVSS3
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-122
CWE-787
Связанные уязвимости
CVSS3: 8.1
github
почти 4 года назад
A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger this vulnerability.
EPSS
Процентиль: 83%
0.01899
Низкий
9 Critical
CVSS3
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-122
CWE-787