Asr1803Sc Firmware
CVE-2024-32632
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
Primary rating from Vendor (68630edc-a58c-4cbd-9b01-0e130455c8ae) · only source for this CVE.
CVSS VectorVendor: 68630edc-a58c-4cbd-9b01-0e130455c8ae
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access
AnalysisAI
A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-686. A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access Affected products include: Asrmicro Asr1803Sc Firmware, Asrmicro Asr1607 Firmware, Asrmicro Asr3603 Firmware, Asrmicro Asr1806 Firmware, Asrmicro Asr1803 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Asr1803Sc Firmware
View allOut-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect computations. Rated high severity (CVSS 8.0), this vuln
In huge memory get unmapped area check, code can never be reached because of a logical contradiction. Rated medium sever
In OffloadAMRWriter, a scalar field is not initialized so will contain an arbitrary value left over from earlier computa
An unsigned value can never be negative, so eMMC full disk test will always evaluate the same way. Rated medium severity
Same weakness CWE-686 – Function Call With Incorrect Argument Type
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today