CVE-2021-38451 MEDIUM

CVE-2021-38451: AUVESY Versiondog

Vendor Auvesy
Product Versiondog
Weakness CWE-125
Published October 22, 2021
Last update September 17, 2024

CVSS base score

4.8/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data.

Key dates

02Disclosure timeline

October 22, 2021 CVE published
September 17, 2024 Record updated