Details of VAR-202402-0012

ID

VAR-202402-0012

CVE

CVE-2024-23978

TITLE

HOME SPOT CUBE2 Multiple buffer overflow vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2024-001804

DESCRIPTION

Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows

Trust: 1.71

sources: NVD: CVE-2024-23978 // JVNDB: JVNDB-2024-001804 // VULMON: CVE-2024-23978

AFFECTED PRODUCTS

vendor:	kddi	model:	home spot cube 2	scope:	eq	version:	v102	Trust: 1.0
vendor:	kddi	model:	home spot cube2	scope:	lte	version:	home spot cube2 firmware v102 and earlier	Trust: 0.8
vendor:	kddi	model:	home spot cube2	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-001804 // NVD: CVE-2024-23978

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2024-23978
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2024-001804
value:	HIGH
Trust: 0.8

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-001804
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-001804 // NVD: CVE-2024-23978

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Heap-based buffer overflow (CWE-122) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-001804 // NVD: CVE-2024-23978

CONFIGURATIONS

sources: NVD: CVE-2024-23978

PATCH

title:

HOME SPOT CUBE2

url:

https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/

Trust: 0.8

sources: JVNDB: JVNDB-2024-001804

EXTERNAL IDS

db:	NVD	id:	CVE-2024-23978	Trust: 2.7
db:	JVN	id:	JVNVU93740658	Trust: 1.9
db:	JVNDB	id:	JVNDB-2024-001804	Trust: 0.8
db:	VULMON	id:	CVE-2024-23978	Trust: 0.1

sources: VULMON: CVE-2024-23978 // JVNDB: JVNDB-2024-001804 // NVD: CVE-2024-23978

REFERENCES

url:	https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/	Trust: 1.1
url:	https://jvn.jp/en/vu/jvnvu93740658/	Trust: 1.1
url:	https://jvn.jp/vu/jvnvu93740658/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-21780	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-23978	Trust: 0.8
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2024-23978 // JVNDB: JVNDB-2024-001804 // NVD: CVE-2024-23978

SOURCES

db:	VULMON	id:	CVE-2024-23978
db:	JVNDB	id:	JVNDB-2024-001804
db:	NVD	id:	CVE-2024-23978

LAST UPDATE DATE

2024-05-17T22:53:20.357000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2024-23978	date:	2024-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2024-001804	date:	2024-03-11T08:28:00
db:	NVD	id:	CVE-2024-23978	date:	2024-05-17T02:36:41.847

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2024-23978	date:	2024-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2024-001804	date:	2024-02-06T00:00:00
db:	NVD	id:	CVE-2024-23978	date:	2024-02-02T07:15:12.540