CVE-2021-25846

Name of the Vulnerable Software and Affected Versions Moxa Camera VPort 06EC-2V Series version 1.1

Description The issue is caused by improper validation of the ChassisID TLV in userdisk/vport lldpd, allowing attackers to cause a denial of service. This happens due to a negative number being passed to the memcpy function via a crafted lldp packet.

Recommendations For Moxa Camera VPort 06EC-2V Series version 1.1, consider disabling the vport lldpd function in userdisk until a patch is available to prevent exploitation. Restrict access to crafted lldp packets to minimize the risk of denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.