Skip to main content

G5Dfr Firmware CVE-2024-22081

CRITICAL
HTTP Request/Response Smuggling (CWE-444)
2024-03-20 cve@mitre.org
9.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 20, 2024 - 05:15 cve.org
CRITICAL 9.8

DescriptionCVE.org

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism.

AnalysisAI

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as HTTP Request/Response Smuggling (CWE-444), which allows attackers to manipulate HTTP request interpretation between frontend and backend servers. An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism. Affected products include: Elspec-Ltd G5Dfr Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Enforce strict HTTP parsing, normalize requests at proxy layer, use HTTP/2 end-to-end, reject ambiguous headers.

CVE-2024-22080 CRITICAL
9.8 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated critical severity (CVSS

CVE-2024-22078 HIGH
8.8 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 8.8)

CVE-2024-22084 HIGH
7.5 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 7.5)

CVE-2024-22082 HIGH
7.5 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 7.5)

CVE-2024-22079 HIGH
7.5 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 7.5)

CVE-2024-22083 MEDIUM
6.5 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated medium severity (CVSS 6.

CVE-2024-22085 MEDIUM
6.2 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated medium severity (CVSS 6.

CVE-2024-22077 MEDIUM
5.3 Mar 20

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated medium severity (CVSS 5.

CVE-2025-59392 MEDIUM
6.8 Nov 06

On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inser

CVE-2024-46603 HIGH
7.5 Jan 07

An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows att

CVE-2024-46602 HIGH
7.5 Jan 07

An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. Rated high severity (CVSS 7.5)

CVE-2024-46601 HIGH
7.5 Jan 07

Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow. Rated high

Share

CVE-2024-22081 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy