CVE-2024-28894

2024-04-1510:47:50

jpcert

www.cve.org

cve-2024-28894

out-of-bounds read

ipv6 headers

cente middleware

tcp/ip network series

unauthenticated attacker

device operations

crafted packet

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.0%

JSON

Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet.

CNA Affected

[
  {
    "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
    "product": "Cente IPv6",
    "versions": [
      {
        "version": "Ver.1.51 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
    "product": "Cente IPv6 SNMPv2",
    "versions": [
      {
        "version": "Ver.2.30 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
    "product": "Cente IPv6 SNMPv3",
    "versions": [
      {
        "version": "Ver.2.30 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU94016877/

www.cente.jp/obstacle/4960/