Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Sealevel Subscribe
Filtered by product Seaconnect 370w Firmware
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21964 1 Sealevel 2 Seaconnect 370w, Seaconnect 370w Firmware 2022-10-25 7.1 HIGH 7.4 HIGH
A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2021-21968 1 Sealevel 2 Seaconnect 370w, Seaconnect 370w Firmware 2022-09-30 6.8 MEDIUM 8.3 HIGH
A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
CVE-2021-21969 1 Sealevel 2 Seaconnect 370w, Seaconnect 370w Firmware 2022-09-30 6.8 MEDIUM 8.1 HIGH
An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [4] the json_object_get_string to populate the p_payload global variable. The p_payload is only 0x100 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write.
CVE-2021-21970 1 Sealevel 2 Seaconnect 370w, Seaconnect 370w Firmware 2022-09-30 6.8 MEDIUM 8.1 HIGH
An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [3] the json_object_get_string to populate the p_name global variable. The p_name is only 0x80 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write.
CVE-2021-21960 1 Sealevel 2 Seaconnect 370w, Seaconnect 370w Firmware 2022-07-29 7.5 HIGH 10.0 CRITICAL
A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2021-21959 1 Sealevel 2 Seaconnect 370w, Seaconnect 370w Firmware 2022-07-29 6.8 MEDIUM 8.1 HIGH
A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality.
CVE-2021-21961 1 Sealevel 2 Seaconnect 370w, Seaconnect 370w Firmware 2022-07-29 7.5 HIGH 10.0 CRITICAL
A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2021-21962 1 Sealevel 2 Seaconnect 370w, Seaconnect 370w Firmware 2022-07-29 6.8 MEDIUM 8.1 HIGH
A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger this vulnerability.
CVE-2021-21963 1 Sealevel 2 Seaconnect 370w, Seaconnect 370w Firmware 2022-07-29 4.3 MEDIUM 5.9 MEDIUM
An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
CVE-2021-21965 1 Sealevel 2 Seaconnect 370w, Seaconnect 370w Firmware 2022-07-29 6.4 MEDIUM 9.3 CRITICAL
A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2021-21971 1 Sealevel 2 Seaconnect 370w, Seaconnect 370w Firmware 2022-07-29 4.3 MEDIUM 5.9 MEDIUM
An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
CVE-2021-21967 1 Sealevel 2 Seaconnect 370w, Seaconnect 370w Firmware 2022-04-21 7.1 HIGH 5.9 MEDIUM
An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.