Published: 2024/02/02  Last Updated: 2024/02/02

JVNVU#93740658
Multiple buffer overflow vulnerabilities in HOME SPOT CUBE2

Overview

HOME SPOT CUBE2 provided by KDDI CORPORATION contains multiple buffer overflow vulnerabilities.

Products Affected

  • HOME SPOT CUBE2 V102 and earlier

Description

HOME SPOT CUBE2 provided by KDDI CORPORATION contains multiple vulnerabilities listed below.

  • Stack-based buffer overflow (CWE-121) - CVE-2024-21780
    CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Base Score: 6.5
  • Heap-based buffer overflow (CWE-122) - CVE-2024-23978
    CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8

Impact

  • Processing a specially crafted command may result in a denial of service (DoS) condition - CVE-2024-21780
  • By processing invalid values, arbitrary code may be executed - CVE-2024-23978

Solution

Apply the workaround

  • Connect the product only to a trusted network
The affected products are no longer supported and updates will not be provided.
For more information, refer to the information provided by KDDI CORPORATION.

Vendor Status

Vendor: KDDI CORPORATION
Link: HOME SPOT CUBE2 (Text in Japanese)

Credit

Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

CVE: CVE-2024-21780, CVE-2024-23978