PT-2021-16815 · Moxa · Moxa Camera Vport 06Ec-2V Series
Qian Chen
·
Published
2021-05-10
·
Updated
2021-05-18
·
CVE-2021-25845
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Moxa Camera VPort 06EC-2V Series version 1.1
Description
The issue arises from improper validation of the ChassisID TLV in the userdisk/vport lldpd component, allowing attackers to cause a denial of service due to a NULL pointer dereference. This can be achieved by sending a crafted lldp packet.
Recommendations
For Moxa Camera VPort 06EC-2V Series version 1.1, consider temporarily disabling the
vport lldpd component in the userdisk to prevent exploitation until a patch is available. Restrict access to the userdisk/vport lldpd component to minimize the risk of denial of service attacks. Avoid processing crafted lldp packets until the issue is resolved.Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moxa Camera Vport 06Ec-2V Series