ID

VAR-202402-0012


CVE

CVE-2024-23978


TITLE

HOME SPOT CUBE2  Multiple buffer overflow vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2024-001804

DESCRIPTION

Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows

Trust: 1.71

sources: NVD: CVE-2024-23978 // JVNDB: JVNDB-2024-001804 // VULMON: CVE-2024-23978

AFFECTED PRODUCTS

vendor:kddimodel:home spot cube 2scope:eqversion:v102

Trust: 1.0

vendor:kddimodel:home spot cube2scope:lteversion:home spot cube2 firmware v102 and earlier

Trust: 0.8

vendor:kddimodel:home spot cube2scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-001804 // NVD: CVE-2024-23978

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-23978
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-001804
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2024-23978
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-001804
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-001804 // NVD: CVE-2024-23978

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

problemtype: Heap-based buffer overflow (CWE-122) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-001804 // NVD: CVE-2024-23978

PATCH

title:HOME SPOT CUBE2url:https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/

Trust: 0.8

sources: JVNDB: JVNDB-2024-001804

EXTERNAL IDS

db:NVDid:CVE-2024-23978

Trust: 2.7

db:JVNid:JVNVU93740658

Trust: 1.9

db:JVNDBid:JVNDB-2024-001804

Trust: 0.8

db:VULMONid:CVE-2024-23978

Trust: 0.1

sources: VULMON: CVE-2024-23978 // JVNDB: JVNDB-2024-001804 // NVD: CVE-2024-23978

REFERENCES

url:https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/

Trust: 1.1

url:https://jvn.jp/en/vu/jvnvu93740658/

Trust: 1.1

url:https://jvn.jp/vu/jvnvu93740658/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-21780

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-23978

Trust: 0.8

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2024-23978 // JVNDB: JVNDB-2024-001804 // NVD: CVE-2024-23978

SOURCES

db:VULMONid:CVE-2024-23978
db:JVNDBid:JVNDB-2024-001804
db:NVDid:CVE-2024-23978

LAST UPDATE DATE

2024-08-14T14:30:03.577000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2024-23978date:2024-02-02T00:00:00
db:JVNDBid:JVNDB-2024-001804date:2024-03-11T08:28:00
db:NVDid:CVE-2024-23978date:2024-08-01T23:15:50.650

SOURCES RELEASE DATE

db:VULMONid:CVE-2024-23978date:2024-02-02T00:00:00
db:JVNDBid:JVNDB-2024-001804date:2024-02-06T00:00:00
db:NVDid:CVE-2024-23978date:2024-02-02T07:15:12.540