CVE-2024-35106

NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer overflow at /boafrm/formIpQoS. This vulnerability allows attackers to cause a Denial of Service (DoS) or potentially arbitrary code execution via a crafted POST request.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://ez-net.co.kr/new_2012/customer/download_view.php?cid=&sid=&goods=&cate=&q=&seq=233
https://ez-net.co.kr/new_2012/product/view.php?cid=461&sid=467&q=%C7%C3%B7%B9%C5%B8&seq=3479&page=
https://gist.github.com/laskdjlaskdj12/571db73f18be1da1271fa1eb09f488de

Configurations

No configuration.

History

11 Feb 2025, 16:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.9~~	v2 : unknown v3 : 4.6
Summary		(es) Se descubrió que NEXTU FLETA AX1500 WIFI6 v1.0.3 contenía un desbordamiento de búfer en /boafrm/formIpQoS. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) o la ejecución de código potencialmente arbitrario a través de una solicitud POST manipulada.

10 Feb 2025, 18:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9
CWE		CWE-120

07 Feb 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-07 15:15

Updated : 2025-02-11 16:15

NVD link : CVE-2024-35106

Mitre link : CVE-2024-35106

CVE.ORG link : CVE-2024-35106

JSON object : View

Products Affected

No product.

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

4.6 /10