Vulnerabilities > CVE-2021-31226 - Out-of-bounds Write vulnerability in Hcc-Embedded Interniche 4.0.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
hcc-embedded
CWE-787

Summary

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads to a heap overflow in wbs_post() via an strcpy() call.

Vulnerable Configurations

Part Description Count
Application
Hcc-Embedded
1

Common Weakness Enumeration (CWE)