CVE-2024-45163

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-400
View all →

Vulnerability Description

The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data.

Related Vulnerabilities

CVE-2018-3739

CRITICAL
CVSS:9.1(Critical)

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed i...

CWE-4002018

CVE-2018-3767

CRITICAL
CVSS:9.1(Critical)

`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage.

CWE-4002018

CVE-2019-9750

CRITICAL
CVSS:9.1(Critical)

In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic i...

CWE-4002019

CVE-2022-24118

CRITICAL
CVSS:9.1(Critical)

Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7...

CWE-4002022

CVE-2022-27889

CRITICAL
CVSS:9.1(Critical)

The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-l...

CWE-4002022

CVE-2024-8892

CRITICAL
CVSS:9.1(Critical)

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, withou...

CWE-4002024