CVE-2024-50697

{"id": "CVE-2024-50697", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2025-01-24T23:15:09.253", "references": [{"url": "https://en.sungrowpower.com/security-notice-detail-2/5961", "source": "cve@mitre.org"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow."}, {"lang": "es", "value": "En SunGrow WiNet-SV200.001.00.P027 y versiones anteriores, al descifrar mensajes MQTT, el c\u00f3digo que analiza campos TLV espec\u00edficos no tiene suficientes comprobaciones de los l\u00edmites. Esto puede provocar un desbordamiento del b\u00fafer basado en la pila."}], "lastModified": "2025-01-27T16:15:31.423", "sourceIdentifier": "cve@mitre.org"}