ZDI-24-674: (0Day) Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability | allinfosecnews.com

June 13, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5950.

0day arbitrary code attackers authentication buffer buffer overflow code code execution cve cve-2024 cves cvss devices electronics exploit handling network overflow rating remote code remote code execution sea stack value vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-882: VMware vCenter Server Appliance License Server Uncontrolled Memory Allocation Denial-of-Service Vulnerability 1 day, 9 hours ago | www.zerodayinitiative.com

attackers authentication cve cve-2024 +16

ZDI-24-840: (Pwn2Own) Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication buffer +25

ZDI-24-839: (Pwn2Own) Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication cam +21

ZDI-24-838: (Pwn2Own) Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication cam +23

ZDI-24-837: (Pwn2Own) Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication buffer +24

ZDI-24-836: (Pwn2Own) Synology BC500 update_ntp_config Command Injection Remote Code Execution Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication cameras +16

ZDI-24-835: (Pwn2Own) Synology BC500 Protection Mechanism Failure Software Downgrade Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

attackers authentication cameras cvss +11

ZDI-24-834: (Pwn2Own) Synology BC500 Improper Compartmentalization Local Privilege Escalation Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

attacker attackers cameras code +18

ZDI-24-833: (Pwn2Own) Synology BC500 synocam_param.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication buffer +17

Information Technology Specialist I: Windows Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, California

View on infosec-jobs.com

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA

View on infosec-jobs.com

Vice President, Controls Design & Development-7

@ State Street | Quincy, Massachusetts

View on infosec-jobs.com

Vice President, Controls Design & Development-5

@ State Street | Quincy, Massachusetts

View on infosec-jobs.com

Data Scientist & AI Prompt Engineer

@ Varonis | Israel

View on infosec-jobs.com

Contractor

@ Birlasoft | INDIA - MUMBAI - BIRLASOFT OFFICE, IN

View on infosec-jobs.com