How severe is CVE-2024-13503?

This vulnerability has a severity rating of CRITICAL with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-13503?

This is classified as CWE-120, which is a common weakness in software security.

CVE-2024-13503 - CRITICAL Severity | CVSS N/A

Vulnerability Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclusion. This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The issue is both present on the PowerPC versions of the modem and the ARM versions. A stack buffer buffer overflow in the swdownload binary allows attackers to execute arbitrary code. The parse_INFO function uses an unrestricted `sscanf` to read a string of an incoming network packet into a statically sized buffer.

Related Vulnerabilities

CVE-2017-16740

CRITICAL

CVSS:10.0(Critical)

A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has b...

CWE-1202017

CVE-2021-33972

CRITICAL

CVSS:10.0(Critical)

Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 allows attacker to escalate priveleges.

CWE-1202021

CVE-2021-33975

CRITICAL

CVSS:10.0(Critical)

Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges.

CWE-1202021

CVE-2022-20827

CRITICAL

CVSS:10.0(Critical)

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (D...

CWE-1202022

CVE-2022-22570

CRITICAL

CVSS:10.0(Critical)

A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control a...

CWE-1202022

CVE-2022-31481

CRITICAL

CVSS:10.0(Critical)

An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, ...

CWE-1202022