PT-2025-5975 · Nextu · Nextu Fleta Ax1500 Wifi6
Ku In Hoe
+1
·
Published
2025-02-07
·
Updated
2025-02-07
·
CVE-2024-35106
CVSS v3.1
4.6
Medium
| Vector | AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
NEXTU FLETA AX1500 WIFI6 version 1.0.3
Description
A buffer overflow was discovered at the
/boafrm/formIpQoS API endpoint. This issue allows attackers to cause a Denial of Service (DoS) or potentially execute arbitrary code via a crafted POST request.Recommendations
For version 1.0.3, consider disabling access to the
/boafrm/formIpQoS API endpoint until a patch is available to prevent potential exploitation. Restricting the use of this endpoint can help minimize the risk of a Denial of Service (DoS) or arbitrary code execution.Fix
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nextu Fleta Ax1500 Wifi6