CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-31226

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads to a heap overflow in wbs_post() via an strcpy() call.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.017

EPSS Ranking 81.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/
https://www.kb.cert.org/vuls/id/608209
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/
https://www.kb.cert.org/vuls/id/608209

Products affected by CVE-2021-31226

Hcc-Embedded » Interniche » Version: 4.0.1

cpe:2.3:a:hcc-embedded:interniche:4.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-31226

Products

Pricing

Contact Us