CVE-2021-38451

CWE-125: OUT-OF-BOUNDS READ
The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data.
Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution, and acquire complete remote control over the machine.
Read: “Claroty, Auvesy Coordinate Disclosure on Versiondog Vulnerabilities

Risk Information

  • CVE ID
  • CVE-2021-38451
  • Vendor
  • AUVESY
  • Product
  • versiondog
  • CVSS v3
  • 4.8