ID

VAR-202403-2113


CVE

CVE-2024-28283


TITLE

Linksys E1000 Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-02170

DESCRIPTION

There is a stack-based buffer overflow vulnerability in the pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution. Linksys E1000 is a router from Linksys, an American company. The vulnerability is caused by the failure to check the buffer input size. Remote attackers can exploit this vulnerability to cause denial of service or code execution.

Trust: 1.44

sources: NVD: CVE-2024-28283 // CNVD: CNVD-2025-02170

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-02170

AFFECTED PRODUCTS

vendor: linksys, model: e1000, scope: lte, version: <=2.1.03

Trust: 0.6

sources: CNVD: CNVD-2025-02170

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-28283
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-02170
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-02170
severity: MEDIUM
baseScore: 6.5
vectorString: AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-28283
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-02170 // NVD: CVE-2024-28283

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

sources: NVD: CVE-2024-28283

EXTERNAL IDS

db: NVD, id: CVE-2024-28283

Trust: 1.6

db: CNVD, id: CNVD-2025-02170

Trust: 0.6

sources: CNVD: CNVD-2025-02170 // NVD: CVE-2024-28283

REFERENCES

url: https://d05004.notion.site/linksys-e1000-bof-37b98eec45ea4fc991b9b5bea3db091d?pvs=4

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2024-28283

Trust: 0.6

sources: CNVD: CNVD-2025-02170 // NVD: CVE-2024-28283

SOURCES

db: CNVD, id: CNVD-2025-02170
db: NVD, id: CVE-2024-28283

LAST UPDATE DATE

2025-01-25T22:50:10.699000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-02170, date: 2025-01-22T00:00:00
db: NVD, id: CVE-2024-28283, date: 2024-08-06T16:35:08.440

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-02170, date: 2025-01-15T00:00:00
db: NVD, id: CVE-2024-28283, date: 2024-03-19T21:15:07.770