PT-2025-13815 · Novastar · Novastar Cx40

Ninpwn

Published

2025-03-31

Updated

2025-03-31

CVE-2025-3007

CVSS v2.0

5.2

Medium

Vector

AV:A/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Novastar CX40 versions up to 2.44.0

Description A critical issue affects the getopt function of the /usr/nova/bin/netconfig file in the NetFilter Utility component. The manipulation of the cmd, netmask, pipeout, or nettask arguments leads to a stack-based buffer overflow. The exploit has been publicly disclosed.

Recommendations For Novastar CX40 versions up to 2.44.0, as a temporary workaround, consider disabling the getopt function in the /usr/nova/bin/netconfig file until a patch is available. Restrict access to the NetFilter Utility component to minimize the risk of exploitation. Avoid using the cmd, netmask, pipeout, or nettask arguments in the affected getopt function until the issue is resolved.

Fix

Stack Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-119

Related Identifiers

CVE-2025-3007

Affected Products

Novastar Cx40

PT-2025-13815 · Novastar · Novastar Cx40

CVE-2025-3007

Weakness Enumeration

Related Identifiers

Affected Products

References · 7