Home / Early Warning / Vulnerabilidades / CVE-2021-25848

CVE-2021-25848

Type: 
Out-of-bounds Read
Severity: 
High
Publication date: 
05/10/2021
Last modified: 
05/18/2021
Description
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: No impact on system integrity + Partially affects on system confidentiality + Total commitment on system availability
Vulnerable software and versions
  • cpe:2.3:o:moxa:vport_06ec-2v80m_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:moxa:vport_06ec-2v80m-t_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:moxa:vport_06ec-2v80m-ct_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:moxa:vport_06ec-2v80m-ct-t_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:moxa:vport_06ec-2v60m_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:moxa:vport_06ec-2v60m-t_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:moxa:vport_06ec-2v60m-ct_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:moxa:vport_06ec-2v60m-ct-t_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:moxa:vport_06ec-2v42m_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:moxa:vport_06ec-2v42m-t_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:moxa:vport_06ec-2v42m-ct_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:moxa:vport_06ec-2v42m-ct-t_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:moxa:vport_06ec-2v36m-t_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:moxa:vport_06ec-2v36m-ct_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:moxa:vport_06ec-2v36m-ct-t_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:moxa:vport_06ec-2v26m_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v80m:-:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v80m-t:-:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v80m-ct:-:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v80m-ct-t:-:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v60m:-:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v60m-t:-:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v60m-ct:-:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v60m-ct-t:-:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v42m:-:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v42m-t:-:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v42m-ct:-:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v42m-ct-t:-:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v36m-t:-:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v36m-ct:-:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v36m-ct-t:-:*:*:*:*:*:*:*
  • cpe:2.3:h:moxa:vport_06ec-2v26m:-:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
Explanation of fields