Vulnerability Details CVE-2021-38451
The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.3%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
Products affected by CVE-2021-38451
-
cpe:2.3:a:auvesy:versiondog:4.0.0
-
cpe:2.3:a:auvesy:versiondog:4.5.0
-
cpe:2.3:a:auvesy:versiondog:5.0.0
-
cpe:2.3:a:auvesy:versiondog:5.5.0
-
cpe:2.3:a:auvesy:versiondog:6.0.0
-
cpe:2.3:a:auvesy:versiondog:6.5.0
-
cpe:2.3:a:auvesy:versiondog:6.5.1
-
cpe:2.3:a:auvesy:versiondog:6.5.2
-
cpe:2.3:a:auvesy:versiondog:7.0.0
-
cpe:2.3:a:auvesy:versiondog:7.0.1
-
cpe:2.3:a:auvesy:versiondog:7.0.2
-
cpe:2.3:a:auvesy:versiondog:7.5.0