Sealevel Seaconnect 370W Firmware vulnerabilities
12 known vulnerabilities affecting sealevel/seaconnect_370w_firmware.
Total CVEs
12
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH6MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2021-21961P2CRITICALCVSS 10.0v1.3.342022-02-04
CVE-2021-21961 [CRITICAL] CWE-121 CVE-2021-21961: A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, In
A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
nvd
CVE-2021-21960P2CRITICALCVSS 10.0v1.3.342022-02-04
CVE-2021-21960 [CRITICAL] CWE-121 CVE-2021-21960: A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Syste
A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
nvd
CVE-2021-21962P3HIGHCVSS 8.1v1.3.342022-02-04
CVE-2021-21962 [HIGH] CWE-122 CVE-2021-21962: A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Seal
A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger this vulnerability.
nvd
CVE-2021-21965P3CRITICALCVSS 9.3v1.3.342022-02-04
CVE-2021-21965 [CRITICAL] CWE-284 CVE-2021-21965: A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealeve
A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.
nvd
CVE-2021-21968P3HIGHCVSS 8.3v1.3.342022-02-04
CVE-2021-21968 [HIGH] CWE-20 CVE-2021-21968: A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. Sea
A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
nvd
CVE-2021-21969P3HIGHCVSS 8.1v1.3.342022-02-04
CVE-2021-21969 [HIGH] CWE-120 CVE-2021-21969: An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel S
An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [4] the json_object_get_string to populate the p_payload global variable. The p_payload is only 0x100 bytes long, and the total MQTT message could be up to 0x201 by
nvd
CVE-2021-21970P3HIGHCVSS 8.1v1.3.342022-02-04
CVE-2021-21970 [HIGH] CWE-120 CVE-2021-21970: An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel S
An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [3] the json_object_get_string to populate the p_name global variable. The p_name is only 0x80 bytes long, and the total MQTT message could be up to 0x201 bytes. Be
nvd
CVE-2021-21959P3HIGHCVSS 8.1v1.3.342022-02-04
CVE-2021-21959 [HIGH] CWE-295 CVE-2021-21959: A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.
A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality.
nvd
CVE-2021-21964P4HIGHCVSS 7.4v1.3.342022-02-04
CVE-2021-21964 [HIGH] CWE-284 CVE-2021-21964: A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Syste
A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.
nvd
CVE-2021-21971P4MEDIUMCVSS 5.9v1.3.342022-02-04
CVE-2021-21971 [MEDIUM] CWE-787 CVE-2021-21971: An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc
An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
nvd
CVE-2021-21963P4MEDIUMCVSS 5.9v1.3.342022-02-04
CVE-2021-21963 [MEDIUM] CWE-311 CVE-2021-21963: An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems,
An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
nvd
CVE-2021-21967P4MEDIUMCVSS 5.9v1.3.342022-04-14
CVE-2021-21967 [MEDIUM] CWE-120 CVE-2021-21967: An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems
An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
nvd