Описание
A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
Ссылки
- ExploitTechnical DescriptionThird Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:sealevel:seaconnect_370w_firmware:1.3.34:*:*:*:*:*:*:*
cpe:2.3:h:sealevel:seaconnect_370w:-:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.00419
Низкий
8.1 High
CVSS3
8.3 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-20
NVD-CWE-Other
Связанные уязвимости
CVSS3: 7.4
github
почти 4 года назад
A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
EPSS
Процентиль: 61%
0.00419
Низкий
8.1 High
CVSS3
8.3 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-20
NVD-CWE-Other