ID
VAR-202403-2113
CVE
CVE-2024-28283
TITLE
Linksys of E1000 Stack-based buffer overflow vulnerability in firmware
Trust: 0.8
DESCRIPTION
There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution. (DoS) It may be in a state. Linksys E1000 is a router from Linksys, an American company. The vulnerability is caused by the failure to check the buffer input size. Remote attackers can exploit this vulnerability to cause denial of service or code execution
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | linksys | model: | e1000 | scope: | lte | version: | 2.1.03 | Trust: 1.0 |
| vendor: | linksys | model: | e1000 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | linksys | model: | e1000 | scope: | lte | version: | e1000 firmware 2.1.03 and earlier | Trust: 0.8 |
| vendor: | linksys | model: | e1000 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | linksys | model: | e1000 | scope: | lte | version: | <=2.1.03 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-121 | Trust: 1.0 |
| problemtype: | Stack-based buffer overflow (CWE-121) [ others ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-28283 | Trust: 3.2 |
| db: | JVNDB | id: | JVNDB-2024-025385 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-02170 | Trust: 0.6 |
REFERENCES
| url: | https://d05004.notion.site/linksys-e1000-bof-37b98eec45ea4fc991b9b5bea3db091d?pvs=4 | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-28283 | Trust: 1.4 |
SOURCES
| db: | CNVD | id: | CNVD-2025-02170 |
| db: | JVNDB | id: | JVNDB-2024-025385 |
| db: | NVD | id: | CVE-2024-28283 |
LAST UPDATE DATE
2025-06-28T23:40:25.365000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-02170 | date: | 2025-01-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-025385 | date: | 2025-06-25T06:21:00 |
| db: | NVD | id: | CVE-2024-28283 | date: | 2025-06-10T15:52:54.640 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-02170 | date: | 2025-01-15T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-025385 | date: | 2025-06-25T00:00:00 |
| db: | NVD | id: | CVE-2024-28283 | date: | 2024-03-19T21:15:07.770 |