CVE-2024-23978: Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed....

9.8 CVSS

Description

Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported.

Classification

CVE ID: CVE-2024-23978

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem Types

Heap-based buffer overflow

Affected Products

Vendor: KDDI CORPORATION

Product: HOME SPOT CUBE2

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.27% (probability of being exploited)

EPSS Percentile: 50.05% (scored less or equal to compared to others)

EPSS Date: 2025-06-06 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-23978
https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/
https://jvn.jp/en/vu/JVNVU93740658/

Timeline

2025-05-15 20:40:14 UTC
CVE

Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed....