CVE-2024-21473

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Synology RT6600ax (affected versions not specified)

Description The issue exists due to insufficient input validation in the Qualcomm Wi-Fi SON LDB Service, which can lead to memory corruption while redirecting log files to any location with any file name. This can allow a remote attacker to execute arbitrary code. The estimated impact and real-world incidents are not specified.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-20

Related Identifiers

BDU:2024-00662

CVE-2024-21473

ZDI-24-072

ZDI-24-1178

Affected Products

Qualcomm Wi-Fi Son Ldb Service

Synology Rt6600Ax

CVE-2024-21473

Weakness Enumeration

Related Identifiers

Affected Products

References · 9