Lucene search

KrcertCVELIST:CVE-2021-26606

HistoryAug 06, 2021 - 12:00 a.m.

CVE-2021-26606 DreamSecurity MagicLine Buffer Overflow Vulnerability

2021-08-0600:00:00

CWE-20

CWE-120

krcert

www.cve.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.1%

JSON

A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "MagicLine4NX.exe",
    "vendor": "Dream Security Co.,Ltd",
    "versions": [
      {
        "lessThan": "1.0.0.18",
        "status": "affected",
        "version": "1.0.0.17",
        "versionType": "custom"
      }
    ]
  }
]

References

boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36174

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.1%

JSON

Related for CVELIST:CVE-2021-26606