CVE-2024-7439

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273524. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.
References
Link Resource
https://vuldb.com/?ctiid.273524 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.273524 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?submit.383830 Third Party Advisory VDB Entry
https://yjz233.notion.site/vivotek-CC8160-has-stack-buffer-overflow-vulnerability-in-httpd-8409f967d3064493b649720f36d59081?pvs=4 Permissions Required
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:vivotek:cc8160_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:vivotek:cc8160:-:*:*:*:*:*:*:*

History

06 Aug 2024, 17:46

Type Values Removed Values Added
CPE cpe:2.3:h:vivotek:cc8160:-:*:*:*:*:*:*:*
cpe:2.3:o:vivotek:cc8160_firmware:-:*:*:*:*:*:*:*
CWE CWE-119
First Time Vivotek
Vivotek cc8160
Vivotek cc8160 Firmware
References () https://vuldb.com/?ctiid.273524 - () https://vuldb.com/?ctiid.273524 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.273524 - () https://vuldb.com/?id.273524 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.383830 - () https://vuldb.com/?submit.383830 - Third Party Advisory, VDB Entry
References () https://yjz233.notion.site/vivotek-CC8160-has-stack-buffer-overflow-vulnerability-in-httpd-8409f967d3064493b649720f36d59081?pvs=4 - () https://yjz233.notion.site/vivotek-CC8160-has-stack-buffer-overflow-vulnerability-in-httpd-8409f967d3064493b649720f36d59081?pvs=4 - Permissions Required
CVSS v2 : 9.0
v3 : 8.8
v2 : 9.0
v3 : 9.8

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) ** NO SOPORTADO CUANDO SE ASIGNÓ ** Se encontró una vulnerabilidad en Vivotek CC8160 VVTK-0100d y se clasificó como crítica. La función read del componente httpd es afectada por esta vulnerabilidad. La manipulación del argumento Content-Length conduce a un desbordamiento del búfer basado en pila. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-273524. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante. NOTA: Se contactó primeramente con el proveedor y se confirmó que el árbol de lanzamiento afectado ha llegado al final de su vida útil.

03 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-03 16:15

Updated : 2024-08-06 17:46


NVD link : CVE-2024-7439

Mitre link : CVE-2024-7439

CVE.ORG link : CVE-2024-7439


JSON object : View

Products Affected

vivotek

  • cc8160
  • cc8160_firmware
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-121

Stack-based Buffer Overflow